Skip to content

tls_manager: port tls partial files handling back to v0.20.x-branch #10422

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yyforyongyu merged 3 commits into from
Dec 5, 2025
Merged

tls_manager: port tls partial files handling back to v0.20.x-branch #10422

yyforyongyu merged 3 commits into from
Dec 5, 2025
+96 −2

Conversation

@mohamedawnallah
Copy link
Contributor

@mohamedawnallah mohamedawnallah commented Dec 4, 2025

backports #10399.

mohamedawnallah and others added 3 commits December 4, 2025 11:19
@mohamedawnallah
tls_manager_test.go: reproduce partial tls files handling
24de03d 
When there is only one of the tls pairs (key/certificate) and the
other is missing, the TLS manager currently assumes it exists
and ignore generating them. This results in error propgated to user
that the other tls pair file is missing/not found.
@thiagorb @mohamedawnallah
tls_manager.go: handle case when either TLS pair files exist
76b0701
@mohamedawnallah
docs: update release notes
222e038
@gemini-code-assist
Copy link

gemini-code-assist bot commented Dec 4, 2025

Summary of Changes

Hello @mohamedawnallah, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request backports a crucial fix to the v0.20.x-branch that enhances the resilience of the TLS manager. The change addresses an issue where the system could fail to initialize if only a partial TLS certificate/key pair was found on disk. By adjusting the regeneration logic and adding comprehensive tests, the TLS manager now reliably ensures that a complete and valid TLS pair is always present, preventing potential startup errors and improving overall system stability.

Highlights

  • TLS Manager Robustness: The TLS manager has been updated to correctly handle scenarios where only one of the TLS certificate or key files exists. Previously, this could lead to startup failures.
  • Conditional Logic Update: The generateCertPair function in tls_manager.go was modified to check for the existence of both the certificate and key files before deciding not to regenerate them. This ensures that if one is missing, both are regenerated.
  • New Test Case: A new test, TestGenerateCertPairWithPartialFiles, was added to tls_manager_test.go to verify that the TLS manager successfully regenerates the certificate and key pair when only one of the files is present.
  • Release Notes Update: The release notes for 0.20.1 have been updated to include this fix, providing clarity on the improved TLS manager behavior.
Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature Command Description
Code Review /gemini review Performs a code review for the current pull request in its current state.
Pull Request Summary /gemini summary Provides a summary of the current pull request in its current state.
Comment @gemini-code-assist Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help /gemini help Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

  1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution.

gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 4, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request backports a fix to the TLS manager to correctly handle cases where only one of the TLS certificate/key pair files exists on startup. The core logic change is simple and correct, changing an || to an && to ensure that the certificate pair is regenerated if either file is missing. A comprehensive table-driven test has been added to verify this new behavior for both partial file scenarios, which is great. My feedback is minor, focusing on improving the new test's maintainability by adding descriptive messages to assertions, which will aid in debugging potential future failures.

@saubyk saubyk added the back port candidate pr which should be back ported to last major release label Dec 4, 2025
@saubyk saubyk added this to the v0.20.1 milestone Dec 4, 2025
saubyk
saubyk approved these changes Dec 4, 2025
View reviewed changes
Copy link
Collaborator

@saubyk saubyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack.

Unsure about the change to the release notes though.

docs/release-notes/release-notes-0.20.1.md
in the mission control store. Now we skip over potential errors and also
delete them from the store.

* [Fixed an issue](https://github.com/lightningnetwork/lnd/pull/10399) where the
Copy link
Collaborator

@saubyk saubyk Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to make this change in the release notes in the back port pr? I am assuming it was handled in the original merge to master

Copy link
Contributor Author

@mohamedawnallah mohamedawnallah Dec 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to make this change in the release notes in the back port pr? I am assuming it was handled in the original merge to master

It mirrors this merged one: 2590593 as part of #10418

@yyforyongyu yyforyongyu merged commit ec480f0 into lightningnetwork:v0.20.x-branch Dec 5, 2025
38 of 40 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@saubyk saubyk saubyk approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@mohamedawnallah mohamedawnallah

Labels

back port candidate pr which should be back ported to last major release

Projects

None yet

Milestone

v0.20.1

Development

Successfully merging this pull request may close these issues.

4 participants

@mohamedawnallah @saubyk @yyforyongyu @thiagorb