From 5c8522cdab35b5541ea3d3108c6ee2826fd2eb20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kamil=20Doma=C5=84ski?= <kamil@domanski.co>
Date: Fri, 6 Dec 2019 11:40:04 +0100
Subject: [PATCH] apply default certificate again in cases of invalid or
 incomplete cert config
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Kamil Domański <kamil@domanski.co>
---
 internal/ingress/controller/controller.go        | 3 +++
 internal/ingress/controller/template/template.go | 6 ------
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go
index 13d484d96..48a60424c 100644
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@@ -1115,6 +1115,7 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 			tlsSecretName := extractTLSSecretName(host, ing, n.store.GetLocalSSLCert)
 			if tlsSecretName == "" {
 				klog.V(3).Infof("Host %q is listed in the TLS section but secretName is empty. Using default certificate.", host)
+				servers[host].SSLCert = n.getDefaultSSLCertificate()
 				continue
 			}
 
@@ -1122,6 +1123,7 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 			cert, err := n.store.GetLocalSSLCert(secrKey)
 			if err != nil {
 				klog.Warningf("Error getting SSL certificate %q: %v. Using default certificate", secrKey, err)
+				servers[host].SSLCert = n.getDefaultSSLCertificate()
 				continue
 			}
 
@@ -1136,6 +1138,7 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 					klog.Warningf("SSL certificate %q does not contain a Common Name or Subject Alternative Name for server %q: %v",
 						secrKey, host, err)
 					klog.Warningf("Using default certificate")
+					servers[host].SSLCert = n.getDefaultSSLCertificate()
 					continue
 				}
 			}
diff --git a/internal/ingress/controller/template/template.go b/internal/ingress/controller/template/template.go
index 2d671250a..85f9eae5f 100644
--- a/internal/ingress/controller/template/template.go
+++ b/internal/ingress/controller/template/template.go
@@ -1155,12 +1155,6 @@ func buildHTTPSListener(t interface{}, s interface{}) string {
 		return ""
 	}
 
-	/*
-		if server.SSLCert == nil && server.Hostname != "_" {
-			return ""
-		}
-	*/
-
 	co := commonListenOptions(tc, hostname)
 
 	addrV4 := []string{""}