DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

dynamic cert mode should understand domain with trailing dot

Browse source
This commit is contained in:
Elvin Efendi 2019-07-04 17:30:25 -04:00
parent edf2b03c22
commit 0e5913310d
2 changed files with 17 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
rootfs/etc/nginx/lua/certificate.lua
View file

@ -28,7 +28,9 @@ local function set_pem_cert_key(pem_cert_key)
end
end
local function get_pem_cert_key(hostname)
local function get_pem_cert_key(raw_hostname)
local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
local pem_cert_key = configuration.get_pem_cert_key(hostname)
if pem_cert_key then
return pem_cert_key

14
rootfs/etc/nginx/lua/test/certificate_test.lua
View file

@ -66,6 +66,20 @@ describe("Certificate", function()
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("sets certificate and key for domain with trailing dot", function()
ssl.server_name = function() return "hostname.", nil end
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("fallbacks to default certificate and key for domain with many trailing dots", function()
ssl.server_name = function() return "hostname..", nil end
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
assert_certificate_is_set(DEFAULT_CERT)
end)
it("sets certificate and key for nested wildcard cert", function()
ssl.server_name = function() return "sub.nested.hostname", nil end
ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)