DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

handle default certificate correctly in Lua

Browse source
This commit is contained in:
Elvin Efendi 2019-04-12 01:12:57 -04:00
parent 417af76e97
commit 42c207c548
1 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
rootfs/etc/nginx/lua/certificate.lua
View file

@ -4,6 +4,8 @@ local re_sub = ngx.re.sub
local _M = {}
local DEFAULT_CERT_HOSTNAME = "_"
local function set_pem_cert_key(pem_cert_key)
local der_cert, der_cert_err = ssl.cert_pem_to_der(pem_cert_key)
if not der_cert then
@ -47,21 +49,19 @@ end
function _M.call()
local hostname, hostname_err = ssl.server_name()
if hostname_err then
ngx.log(ngx.ERR, "Error getting the hostname, falling back on default certificate: " .. hostname_err)
return
ngx.log(ngx.ERR, "error while obtaining hostname: " .. hostname_err)
end
if not hostname then
ngx.log(ngx.INFO, "hostname can not be obtained, falling back to default certificate")
return
ngx.log(ngx.INFO, "obtained hostname is nil (the client does not support SNI?), falling back to default certificate")
hostname = DEFAULT_CERT_HOSTNAME
end
local pem_cert_key = get_pem_cert_key(hostname)
if not pem_cert_key then
ngx.log(ngx.ERR, "Certificate not found, falling back on default certificate for hostname: " .. tostring(hostname))
return
pem_cert_key = get_pem_cert_key(DEFAULT_CERT_HOSTNAME)
end
if pem_cert_key == "" then
ngx.log(ngx.ERR, "Certificate is empty, falling back on default certificate for hostname: " .. tostring(hostname))
if not pem_cert_key then
ngx.log(ngx.ERR, "certificate not found, falling back to fake certificate for hostname: " .. tostring(hostname))
return
end