fix(stream): initialize env and secret for TLS cert resolution #12935
Conversation
dosubot
bot
added
size:XS
|
Hi @suryaparua-official, we need add test case for this fix |
dosubot
bot
added
size:M
|
I’ve added a Stream TLS test covering |
t/stream-node/tls.t
Outdated
| END { | ||
| delete $ENV{APISIX_STREAM_ENV_CERT}; | ||
| delete $ENV{APISIX_STREAM_ENV_KEY}; | ||
| } |
There was a problem hiding this comment.
It is recommended to remove the END {} block; manual cleanup of these environment variables is not required.
| BEGIN { | ||
| use t::APISIX; | ||
|
|
||
| $ENV{APISIX_STREAM_ENV_CERT} = t::APISIX::read_file("t/certs/apisix.crt"); | ||
| $ENV{APISIX_STREAM_ENV_KEY} = t::APISIX::read_file("t/certs/apisix.key"); | ||
| } |
There was a problem hiding this comment.
You can refer to https://github.com/apache/apisix/blob/master/t/node/ssl.t#L18-L33
| release table plugins | ||
| release table api_ctx | ||
| === TEST 6: stream tls supports $ENV certificate reference |
There was a problem hiding this comment.
Test cases for $secret:// should also be added to ensure complete coverage.
Baoyuantop
added
the
wait for update
dosubot
bot
added
size:L
|
I’ve added test coverage for |
2 participants
Description
This PR fixes an issue where
$ENV://and$secret://certificate referenceswere not resolved in Stream TLS mode.
While the same configuration works correctly in HTTP, Stream TLS was passing
the raw reference strings directly to OpenSSL, which resulted in TLS handshake
failures.
Root cause
The Stream lifecycle was missing initializations that already exist in HTTP:
core.env.init()andapisix_secret.init_worker().Because of this, environment variables and secrets were not available when
certificates were loaded during the TLS handshake.
Fix
This change aligns Stream initialization with HTTP by initializing the
environment and secret subsystems for Stream.
Notes
This change follows the same initialization flow already used in HTTP mode
and addresses the missing setup in Stream TLS.
Related issue
Fixes #12934