DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Do not send empty certificates to nginx

Browse source
This commit is contained in:
Manuel Alejandro de Brito Fontes 2019-06-25 07:49:00 -04:00
parent d57fddebd7
commit 8ca5c1cba9
No known key found for this signature in database
GPG key ID: 786136016A8BA02A
2 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
internal/ingress/controller/nginx.go
View file

@ -994,6 +994,10 @@ func configureCertificates(pcfg *ingress.Configuration) error {
var servers []*ingress.Server
for _, server := range pcfg.Servers {
if server.SSLCert.PemCertKey == "" {
continue
}
servers = append(servers, &ingress.Server{
Hostname: server.Hostname,
SSLCert: ingress.SSLCert{
@ -1001,8 +1005,7 @@ func configureCertificates(pcfg *ingress.Configuration) error {
},
})
if server.Alias != "" && server.SSLCert.PemCertKey != "" &&
ssl.IsValidHostname(server.Alias, server.SSLCert.CN) {
if server.Alias != "" && ssl.IsValidHostname(server.Alias, server.SSLCert.CN) {
servers = append(servers, &ingress.Server{
Hostname: server.Alias,
SSLCert: ingress.SSLCert{
@ -1014,6 +1017,10 @@ func configureCertificates(pcfg *ingress.Configuration) error {
redirects := buildRedirects(pcfg.Servers)
for _, redirect := range redirects {
if redirect.SSLCert.PemCertKey == "" {
continue
}
servers = append(servers, &ingress.Server{
Hostname: redirect.From,
SSLCert: ingress.SSLCert{

2
internal/ingress/sslcert.go
View file

@ -43,7 +43,7 @@ type SSLCert struct {
// ExpiresTime contains the expiration of this SSL certificate in timestamp format
ExpireTime time.Time `json:"expires"`
// Pem encoded certificate and key concatenated
PemCertKey string `json:"pemCertKey"`
PemCertKey string `json:"pemCertKey,omitempty"`
}
// GetObjectKind implements the ObjectKind interface as a noop