generating SHA for CA only certs in backend_ssl.go + comparision of ProxySSL structures in types_equals.go (#8098)

internal/ingress/controller/store/backend_ssl.go

@@ -154,6 +154,8 @@ func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error
 			return nil, fmt.Errorf("error configuring CA certificate: %v", err)
 		}
 
+		sslCert.CASHA = file.SHA1(sslCert.CAFileName)
+
 		if len(crl) > 0 {
 			err = ssl.ConfigureCRL(nsSecName, crl, sslCert)
 			if err != nil {

internal/ingress/types_equals.go

@@ -317,6 +317,9 @@ func (s1 *Server) Equal(s2 *Server) bool {
 	if s1.AuthTLSError != s2.AuthTLSError {
 		return false
 	}
+	if !(&s1.ProxySSL).Equal(&s2.ProxySSL) {
+		return false
+	}
 
 	if len(s1.Locations) != len(s2.Locations) {
 		return false
@@ -401,6 +404,9 @@ func (l1 *Location) Equal(l2 *Location) bool {
 	if !(&l1.Proxy).Equal(&l2.Proxy) {
 		return false
 	}
+	if !(&l1.ProxySSL).Equal(&l2.ProxySSL) {
+		return false
+	}
 	if l1.UsePortInRedirects != l2.UsePortInRedirects {
 		return false
 	}
@@ -558,6 +564,12 @@ func (s1 *SSLCert) Equal(s2 *SSLCert) bool {
 	if s1.PemSHA != s2.PemSHA {
 		return false
 	}
+	if s1.CAFileName != s2.CAFileName {
+		return false
+	}
+	if s1.CRLFileName != s2.CRLFileName {
+		return false
+	}
 	if !s1.ExpireTime.Equal(s2.ExpireTime) {
 		return false
 	}