DevFW-CICD/ingress-nginx-helm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #4274 from ElvinEfendi/support-trailing-dot

Browse source 
Support trailing dot
This commit is contained in:
Kubernetes Prow Robot 2019-07-04 16:00:36 -07:00 committed by GitHub
commit 17d99c4aba
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 22 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
rootfs/etc/nginx/lua/certificate.lua
View file

@ -28,7 +28,9 @@ local function set_pem_cert_key(pem_cert_key)
end end
end end
local function get_pem_cert_key(hostname) local function get_pem_cert_key(raw_hostname)
local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
local pem_cert_key = configuration.get_pem_cert_key(hostname) local pem_cert_key = configuration.get_pem_cert_key(hostname)
if pem_cert_key then if pem_cert_key then
return pem_cert_key return pem_cert_key

14
rootfs/etc/nginx/lua/test/certificate_test.lua
View file

@ -66,6 +66,20 @@ describe("Certificate", function()
assert_certificate_is_set(EXAMPLE_CERT) assert_certificate_is_set(EXAMPLE_CERT)
end) end)
it("sets certificate and key for domain with trailing dot", function()
ssl.server_name = function() return "hostname.", nil end
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
assert_certificate_is_set(EXAMPLE_CERT)
end)
it("fallbacks to default certificate and key for domain with many trailing dots", function()
ssl.server_name = function() return "hostname..", nil end
ngx.shared.certificate_data:set("hostname", EXAMPLE_CERT)
assert_certificate_is_set(DEFAULT_CERT)
end)
it("sets certificate and key for nested wildcard cert", function() it("sets certificate and key for nested wildcard cert", function()
ssl.server_name = function() return "sub.nested.hostname", nil end ssl.server_name = function() return "sub.nested.hostname", nil end
ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT) ngx.shared.certificate_data:set("*.nested.hostname", EXAMPLE_CERT)

5
test/e2e/lua/dynamic_certificates.go
View file

@ -130,6 +130,11 @@ var _ = framework.IngressNginxDescribe("Dynamic Certificate", func() {
ensureHTTPSRequest(f.GetURL(framework.HTTPS), host, host) ensureHTTPSRequest(f.GetURL(framework.HTTPS), host, host)
}) })
/*
TODO(elvinefendi): this test currently does not work as expected
because Go transport code strips (https://github.com/golang/go/blob/431b5c69ca214ce4291f008c1ce2a50b22bc2d2d/src/crypto/tls/handshake_messages.go#L424)
trailing dot from SNI as suggest by the standard (https://tools.ietf.org/html/rfc6066#section-3).
*/
It("supports requests with domain with trailing dot", func() { It("supports requests with domain with trailing dot", func() {
ensureHTTPSRequest(f.GetURL(framework.HTTPS), host+".", host) ensureHTTPSRequest(f.GetURL(framework.HTTPS), host+".", host)
}) })