Bug
Resolution: Unresolved
Major
2.11.3 GA
RHOAM Sprint 60, RHOAM Sprint 61
When APICAST_PATH_ROUTING is enabled and a request arrives over HTTPS, APIcast logs the following line:
Configured to do path-based routing, but it is not compatible with TLS. Falling back to routing by host.
However, that is not true: path routing keeps being used as the service-finder algorithm, even with TLS, but in that case the ssl_certificate phase of any policy in the policy chain is skipped.
Currently, the only policy that executes any logic in this phase is the TLS Termination Policy, so the result is that when path routing is enabled, TLS works when it's configured via environment variables, but it will not work when configured with the TLS Termination policy. More generally, any policy (in the local chain) that executes the ssl_certificate phase won't work properly when path routing is enabled.
APIcast used to behave as the log describes (falling back to host-based routing), but with this commit apparently we decided to keep the path routing logic in place and postpone the service selection to the rewrite phase. This results in policies only being added to the local (service scoped) policy chain during the rewrite phase and therefore any ssl_certificate phases of policies configured on services will be skipped.
If the behaviour described in the log is the right one, we should revert the change in the commit; otherwise we'd need to fix the log statement.
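
The phase ordering described above, as an added plain-Lua model that is not APIcast source code and is not part of the original report. The policy objects, the service table and the host api.example.test are constructed for illustration; only the phase names ssl_certificate and rewrite come from the report.

```lua
-- Simplified model (constructed, not APIcast source code).
local PHASES = { "ssl_certificate", "rewrite", "access" }

-- Hypothetical policy object that records which of its phase handlers ran.
local function new_policy(name, phases)
  local policy = { name = name, ran = {} }
  for _, phase in ipairs(phases) do
    policy[phase] = function(self) self.ran[#self.ran + 1] = phase end
  end
  return policy
end

-- Selects a service. During the TLS handshake only the SNI host is known;
-- the request path exists only once the HTTP request has been read (rewrite).
local function find_service(services, req, path_routing)
  for _, svc in ipairs(services) do
    if svc.host == req.host then
      if not path_routing then return svc end
      if req.path and req.path:sub(1, #svc.path) == svc.path then return svc end
    end
  end
  return nil
end

-- Runs one HTTPS request through the phases and reports which handlers ran.
local function run_request(path_routing)
  local tls = new_policy("tls_termination", { "ssl_certificate" })
  local hdr = new_policy("headers", { "rewrite" })
  local services = {
    { host = "api.example.test", path = "/a", chain = { tls, hdr } },
  }
  local req = { host = "api.example.test" } -- SNI only, no path yet
  local service
  for _, phase in ipairs(PHASES) do
    if phase == "rewrite" then req.path = "/a/items" end
    -- The local chain exists only from the phase in which a service is found.
    service = service or find_service(services, req, path_routing)
    for _, policy in ipairs(service and service.chain or {}) do
      if policy[phase] then policy[phase](policy) end
    end
  end
  return string.format("tls_termination ran: [%s], headers ran: [%s]",
    table.concat(tls.ran, ","), table.concat(hdr.ran, ","))
end

print("host routing: " .. run_request(false))
print("path routing: " .. run_request(true))
```

With path routing the service is first resolved in rewrite, so the modelled tls_termination handler never runs even though the request arrived over TLS.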
- blocks: THREESCALE-3983 Document when path routing works with HTTPS - To Define
- relates to: THREESCALE-11036 Investigate path routing + TLS termination policy - To Document
- links to: RHEA-2024:142368 apicast-operator 0.13.0-mas for RHOAM - Containers