Skip to content

fix: generate unique SSL IDs to prevent certificate conflicts across different hosts #2592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

fix: generate unique SSL IDs to prevent certificate conflicts across different hosts #2592

wants to merge 8 commits into from
+158 −86

Conversation

ronething
Copy link
Contributor

@ronething ronething commented Oct 9, 2025
edited
Loading

Type of change:

  • Bugfix
  • New feature provided
  • Improve performance
  • Backport patches
  • Documentation
  • Refactor
  • Chore
  • CI/CD or Tests

What this PR does / why we need it:

Previously, SSL objects used certificate content to generate IDs (id.GenID(string(cert))).
When the same certificate was referenced by multiple resources (e.g., ApisixTls and Ingress) with different hostnames, they would generate the same SSL ID, causing conflicts where only one SSL object would be created and this may cause error. So we change the ssl id generate logic.

This ensures each TLS configuration creates a unique SSL object, even when using the same certificate.

And, because CI has been occurring errors, the tcproute test case was also fixed.

Pre-submission checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you added corresponding test cases?
  • Have you modified the corresponding document?
  • Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

@ronething
fix: ssl id generate logic
18b1bde 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething
fix: r
8eedc47 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething
Merge remote-tracking branch 'origin/master' into fix/ssl_id
23904b3 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething
fix: r
fcb3b9e 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething
fix: r
af9d884 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething ronething changed the title fix: change ssl id generate logic. fix: generate unique SSL IDs to prevent certificate conflicts across different hosts Oct 9, 2025
@ronething ronething marked this pull request as ready for review October 9, 2025 10:24
@ronething
fix: r
678b0bf 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething
test: x
c530972 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething
fix: r
ee20ba4 
Signed-off-by: Ashing Zheng <[email protected]>
@ronething ronething mentioned this pull request Oct 10, 2025
Open
12 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Revolyssup Revolyssup Revolyssup approved these changes

@AlinsRan AlinsRan Awaiting requested review from AlinsRan

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ronething @Revolyssup