ssl_multicert.config -> ssl_multicert.yaml #12755
Open
+3,282
−446
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bneradt
force-pushed
the
convert_ssl_multicert_config_to_remap
branch
from
9b6767b to
4cb0241
Compare
10 tasks
bneradt
force-pushed
the
convert_ssl_multicert_config_to_remap
branch
5 times, most recently
from
601f7d5 to
145da27
Compare
Replace the ssl_multicert.config format with YAML format, following the pattern established by sni.yaml. The new ssl_multicert.yaml uses a top-level 'ssl_multicert' key containing a sequence of certificate entries. This also supports config conversion via: traffic_ctl config ssl_multicert <old_config> <new_config>
bneradt
force-pushed
the
convert_ssl_multicert_config_to_remap
branch
from
145da27 to
72e817d
Compare
Contributor
There was a problem hiding this comment.
Copilot reviewed 198 out of 198 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (3)
tests/gold_tests/tls/tls_check_dual_cert_selection.test.py:56
- The test is still using legacy format syntax in AddLines() after changing from ssl_multicert_config to ssl_multicert_yaml. Lines 53-56 contain legacy format entries like 'ssl_cert_name=signed-foo-ec.pem,signed-foo.pem' which should be converted to YAML format to match the migration pattern used consistently in other test files.
tests/gold_tests/tls/tls_check_cert_select_plugin.test.py:52 - Similar to tls_check_dual_cert_selection.test.py, this test is still using legacy format syntax after changing to ssl_multicert_yaml. Lines 49-52 should be converted to YAML format to be consistent with the migration pattern.
tests/gold_tests/tls/tls_check_cert_selection_reload.test.py:46 - This test is still using legacy format syntax in AddLines() after changing to ssl_multicert_yaml. Lines 44-46 contain legacy format entries which should be converted to YAML format for consistency.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+42
to
45
| ts.Disk.ssl_multicert_yaml.AddLines( | ||
| [ | ||
| 'dest_ip=* ssl_cert_name=passphrase.pem ssl_key_name=passphrase.key ssl_key_dialog="exec:/bin/bash -c \'echo -n passphrase\'"', | ||
| ]) |
There was a problem hiding this comment.
This test is still using legacy format syntax after changing to ssl_multicert_yaml. Lines 44-45 contain legacy format entries which should be converted to YAML format for consistency with the migration pattern.
Comment on lines
+68
to
71
| tr2.Disk.ssl_multicert_yaml.AddLines( | ||
| [ | ||
| 'dest_ip=* ssl_cert_name=passphrase2.pem ssl_key_name=passphrase2.key ssl_key_dialog="exec:/bin/bash -c \'echo -n passphrase\'"', | ||
| ]) |
There was a problem hiding this comment.
The second occurrence in this file also uses legacy format syntax after the migration. Lines 69-71 should be converted to YAML format.
brbzull0
reviewed
Dec 16, 2025
|
|
||
| std::string | ||
| SSLMultiCertMarshaller::to_json(SSLMultiCertConfig const &config) | ||
| { |
Contributor
brbzull0
reviewed
Dec 16, 2025
| // ssl-multicert subcommand | ||
| auto &ssl_multicert_command = | ||
| config_command.add_command("ssl-multicert", "Manage ssl_multicert configuration").require_commands(); | ||
| ssl_multicert_command.add_command("show", "Show the ssl_multicert configuration in JSON format", Command_Execute) |
Contributor
There was a problem hiding this comment.
By default is JSON?? does it make sense to drop YAML too? should be straight forward as the YAML node is what we read from the file.?
if so, I'd suggest using mutex groups for the options.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Replace the ssl_multicert.config format with YAML format, following the pattern established by sni.yaml. The new ssl_multicert.yaml uses a top-level 'ssl_multicert' key containing a sequence of certificate entries.
This also supports config conversion via:
Community Decisions
traffic_ctl config convertper @cmcfarlen 's suggestion.At least for ssl_multicert, either of these options are possible from an implementation standpoint.
@cmcfarlen had an interesting suggestion to bake the config conversion logic into traffic_ctl. Maybe have something like: