Skip to content

Conversation

@kannanjgithub
Copy link
Contributor

@kannanjgithub kannanjgithub commented Oct 16, 2025

This is to allow the previous behavior if needed, and when the xds channel authority is used as the SNI, it won't be used for the SAN validation.

@Nullable protected final CertificateValidationContext staticCertificateValidationContext;
@Nullable protected AbstractMap.SimpleImmutableEntry<SslContext, X509TrustManager>
sslContextAndTrustManager;
protected boolean autoSniSanValidationDoesNotApply;
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made this a settable field that is set separately instead of making it a final field in CertProviderClientSslContextProvider where it ideally belongs, in order to avoid having to propagate the boolean via the cert provider factory methods and having to add the boolean to the cache key as well.

@kannanjgithub kannanjgithub requested a review from ejona86 October 16, 2025 17:41
@kannanjgithub kannanjgithub force-pushed the xdsAuthorityFallbackFlag branch from bc2699a to 79ebe40 Compare October 17, 2025 15:05
@kannanjgithub kannanjgithub merged commit 7ea4744 into grpc:master Oct 21, 2025
26 of 30 checks passed
@kannanjgithub kannanjgithub deleted the xdsAuthorityFallbackFlag branch October 21, 2025 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants