xds: Remove isXdsSniEnabled and align SNI logic with gRFC A101#12625
Open
becomeStar wants to merge 2 commits intogrpc:masterfrom
Open
xds: Remove isXdsSniEnabled and align SNI logic with gRFC A101#12625becomeStar wants to merge 2 commits intogrpc:masterfrom
becomeStar wants to merge 2 commits intogrpc:masterfrom
Conversation
Remove the isXdsSniEnabled environment variable guard and the legacy logic that falls back to the channel authority for SNI. This aligns the implementation with gRFC A101, ensuring no SNI is sent if it is not explicitly determined by xDS configurations. Update the test suite by removing the isXdsSniEnabled flag and deleting test case that specifically verified behavior when the flag was set to false. Additionally, add a new test case to verify that SNI is omitted when none of the A101 conditions are met, ensuring the SNI field is not sent in the TLS handshake. Ref grpc#11784
becomeStar
changed the title
| sniToUse = grpcHandler.getAuthority(); | ||
| } else { | ||
| autoSniSanValidationDoesNotApply = false; | ||
| sniToUse = ""; |
Contributor
There was a problem hiding this comment.
This assignment is redundant.
Contributor
Author
There was a problem hiding this comment.
Thanks for the review.
I’ve updated the change to remove the empty-string SNI handling and the associated test. It seemed that treating an empty string as a special case was no longer necessary, so I simplified the logic accordingly.
Please let me know if this looks reasonable to you.
Remove handling that propagated an empty string as SNI when no SNI conditions were met. With the legacy authority-based fallback removed, omitting SNI is the intended behavior under gRFC A101. Relying on an empty string as an intermediate representation is unnecessary and couples behavior to an internal detail. This also removes a test that asserted the empty-string SNI, as it no longer reflects a stable or observable contract.
kannanjgithub
added
the
kokoro:run
Contributor
|
/gcbrun |
grpc-kokoro
removed
the
kokoro:run
kannanjgithub
approved these changes
Feb 5, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Remove the
isXdsSniEnabledenvironment variable guard and the legacy logic that falls back to the channel authority for SNI. This aligns the implementation with gRFC A101, ensuring no SNI is sent if it is not explicitly determined by xDS configurations.Changes
Update the test suite by removing the
isXdsSniEnabledflag and deleting test case that specifically verified behavior when the flag was set to false. Additionally, add a new test case to verify that SNI is omitted when none of the A101 conditions are met, ensuring the SNI field is not sent in the TLS handshake.Note for Reviewers
Some test files show large diffs because of re-indentation after removing
try-finallyblocks (since theisXdsSniEnabledflag is no longer needed). I recommend reviewing these files with the 'Hide whitespace changes' option enabled.Ref #11784