Skip to content

ssl_multicert.config -> ssl_multicert.yaml #12755

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bneradt wants to merge 6 commits into
base: 11-Dev
Choose a base branch
from
Open

ssl_multicert.config -> ssl_multicert.yaml #12755

bneradt wants to merge 6 commits into from
+3,286 −466

Conversation

@bneradt
Copy link
Contributor

@bneradt bneradt commented Dec 11, 2025
edited
Loading

Replace the ssl_multicert.config format with YAML format, following the pattern established by sni.yaml. The new ssl_multicert.yaml uses a top-level 'ssl_multicert' key containing a sequence of certificate entries.

This also supports config conversion via:

traffic_ctl config ssl_multicert <old_config> <new_config>

Community Decisions

  • Do we want these conversion scripts to be python or c++ files? This implements the conversion via traffic_ctl config convert per @cmcfarlen 's suggestion.
  • Do we want to support both the old and new formats at the same time? At 10.x, we transitioned to only supporting records.yaml, so we have that as maybe something of a precedent. This PR supports both the old and new formats, but we have to decide on our policy for the old formats for 11.

At least for ssl_multicert, either of these options are possible from an implementation standpoint.

@cmcfarlen had an interesting suggestion to bake the config conversion logic into traffic_ctl. Maybe have something like:

traffic_ctrl config convert ssl_multicert|plugins|... <old_path> <new_path>

@bneradt bneradt added this to the 11.0.0 milestone Dec 11, 2025
@bneradt bneradt self-assigned this Dec 11, 2025
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch from 9b6767b to 4cb0241 Compare December 11, 2025 21:23
@bneradt bneradt mentioned this pull request Dec 11, 2025
Open
10 tasks
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch 6 times, most recently from 145da27 to 72e817d Compare December 12, 2025 21:08
@bryancall bryancall requested a review from Copilot December 15, 2025 22:38
Copilot AI reviewed Dec 15, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 198 out of 198 changed files in this pull request and generated 2 comments.

Comments suppressed due to low confidence (3)

tests/gold_tests/tls/tls_check_dual_cert_selection.test.py:56

  • The test is still using legacy format syntax in AddLines() after changing from ssl_multicert_config to ssl_multicert_yaml. Lines 53-56 contain legacy format entries like 'ssl_cert_name=signed-foo-ec.pem,signed-foo.pem' which should be converted to YAML format to match the migration pattern used consistently in other test files.
    tests/gold_tests/tls/tls_check_cert_select_plugin.test.py:52
  • Similar to tls_check_dual_cert_selection.test.py, this test is still using legacy format syntax after changing to ssl_multicert_yaml. Lines 49-52 should be converted to YAML format to be consistent with the migration pattern.
    tests/gold_tests/tls/tls_check_cert_selection_reload.test.py:46
  • This test is still using legacy format syntax in AddLines() after changing to ssl_multicert_yaml. Lines 44-46 contain legacy format entries which should be converted to YAML format for consistency.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

brbzull0
brbzull0 reviewed Dec 16, 2025
View reviewed changes
brbzull0
brbzull0 reviewed Dec 16, 2025
View reviewed changes
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch from 3ad74ce to 63866b1 Compare January 2, 2026 20:07
@bryancall bryancall requested a review from cmcfarlen January 12, 2026 23:07
cmcfarlen
cmcfarlen requested changes Jan 13, 2026
View reviewed changes
Copy link
Contributor

@cmcfarlen cmcfarlen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like the concept of having parsing code and conversions in one place. It's really clean to do the conversion natively with traffic_ctl. I do think the runtime code should also use this code to load config as well so there isn't code duplication.

@bneradt
ssl_multicert.config -> ssl_multicert.yaml
8bafb95 
Replace the ssl_multicert.config format with YAML format, following the
pattern established by sni.yaml. The new ssl_multicert.yaml uses a
top-level 'ssl_multicert' key containing a sequence of certificate
entries.

This also supports config conversion via:
traffic_ctl config ssl_multicert <old_config> <new_config>
@bneradt
to_json: use yamlcpp; support yaml output
ceb9033 
This also makes yaml the default traffic_ctl config ssl_multicert show format
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch from 63866b1 to 408bf48 Compare January 13, 2026 23:30
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch from 408bf48 to f551253 Compare January 13, 2026 23:45
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch from 5424730 to 380ab35 Compare January 13, 2026 23:50
@bneradt bneradt force-pushed the convert_ssl_multicert_config_to_remap branch from bff0d7f to b87c368 Compare January 14, 2026 04:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@brbzull0 brbzull0 brbzull0 left review comments

Copilot code review Copilot Copilot left review comments

@cmcfarlen cmcfarlen cmcfarlen requested changes

Assignees

@bneradt bneradt

Labels

format SSL TLS

Projects

None yet

Milestone

11.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@bneradt @cmcfarlen @brbzull0