From a13305185abf95fe2d6585a51d7ba1878aea711a Mon Sep 17 00:00:00 2001
From: gi mbu
Date: Sun, 9 Jan 2022 18:06:00 +0100
Subject: [PATCH] generating SHA for CA only certs in backend_ssl.go + comparision of ProxySSL structures in types_equals.go (#8098)
---
 internal/ingress/controller/store/backend_ssl.go | 2 ++
 internal/ingress/types_equals.go | 12 ++++++++++++
 2 files changed, 14 insertions(+)
diff --git a/internal/ingress/controller/store/backend_ssl.go b/internal/ingress/controller/store/backend_ssl.go
index 377f62015..41a5b2b40 100644
--- a/internal/ingress/controller/store/backend_ssl.go
+++ b/internal/ingress/controller/store/backend_ssl.go
@@ -154,6 +154,8 @@ func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error
 return nil, fmt.Errorf("error configuring CA certificate: %v", err)
 }
+ sslCert.CASHA = file.SHA1(sslCert.CAFileName)
+
 if len(crl) > 0 {
 err = ssl.ConfigureCRL(nsSecName, crl, sslCert)
 if err != nil {
diff --git a/internal/ingress/types_equals.go b/internal/ingress/types_equals.go
index 18ffa9042..3e39940a3 100644
--- a/internal/ingress/types_equals.go
+++ b/internal/ingress/types_equals.go
@@ -317,6 +317,9 @@ func (s1 *Server) Equal(s2 *Server) bool {
 if s1.AuthTLSError != s2.AuthTLSError {
 return false
 }
+ if !(&s1.ProxySSL).Equal(&s2.ProxySSL) {
+ return false
+ }
 if len(s1.Locations) != len(s2.Locations) {
 return false
@@ -401,6 +404,9 @@ func (l1 *Location) Equal(l2 *Location) bool {
 if !(&l1.Proxy).Equal(&l2.Proxy) {
 return false
 }
+ if !(&l1.ProxySSL).Equal(&l2.ProxySSL) {
+ return false
+ }
 if l1.UsePortInRedirects != l2.UsePortInRedirects {
 return false
 }
@@ -558,6 +564,12 @@ func (s1 *SSLCert) Equal(s2 *SSLCert) bool {
 if s1.PemSHA != s2.PemSHA {
 return false
 }
+ if s1.CAFileName != s2.CAFileName {
+ return false
+ }
+ if s1.CRLFileName != s2.CRLFileName {
+ return false
+ }
 if !s1.ExpireTime.Equal(s2.ExpireTime) {
 return false
 }
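Review bot: The added `sslCert.CASHA = file.SHA1(sslCert.CAFileName)` in getPemCertificate stores whatever file.SHA1 returns, and the call has no error result, so a failed read of the CA file cannot be reported from this line. If the helper yields an empty string in that case (its body is not part of this patch), a CA-only secret would carry an empty fingerprint, and two different CA bundles that both failed to hash would compare as unchanged. I would guard it with `if sslCert.CASHA == "" { return nil, fmt.Errorf("error computing SHA of CA file %v", sslCert.CAFileName) }` and add a one-line comment saying the value is a fingerprint of the CA file used for change detection. The function starts and ends outside the hunk.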
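Review bot: Server.Equal (hunk at -317,6 +317,9) and Location.Equal (hunk at -401,6 +404,9) now delegate to the Equal method of ProxySSL, which is defined outside this patch, and the diffstat lists no test file covering the two new branches. These comparisons presumably decide whether a change in backend TLS settings is noticed at all, so a test case with two servers and two locations that differ only in ProxySSL would pin the behaviour against regressions. A short comment above each check, such as `// backend TLS settings (ProxySSL) must take part in the comparison`, would also record why the field is here. Both functions start and end outside their hunks.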
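Review bot: The two checks added to SSLCert.Equal compare `CAFileName` and `CRLFileName`, which are paths, so a CA bundle or CRL whose content changes while its path stays the same still compares equal on these lines. The first hunk of this patch populates `CASHA`, presumably to detect exactly that, but no `CASHA` comparison is visible here; the function body extends beyond the hunk, so the check may already exist. If it does not, add `if s1.CASHA != s2.CASHA { return false }` next to the `PemSHA` check, and the equivalent for the CRL hash if the struct carries one.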