From ad460e16ce2100f79e67a5ec70a4b138abd43ce2 Mon Sep 17 00:00:00 2001
From: Manuel Alejandro de Brito Fontes <aledbf@gmail.com>
Date: Sat, 7 Mar 2020 21:15:24 -0300
Subject: [PATCH] Avoid secret without tls.crt and tls.key but a valid ca.crt
 (#5225)

---
 internal/ingress/controller/controller.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go
index b0e6efce5..e943e5717 100644
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@@ -1111,6 +1111,13 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 				continue
 			}
 
+			if cert.Certificate == nil {
+				klog.Warningf("SSL certificate %q does not contain a valid SSL certificate for server %q", secrKey, host)
+				klog.Warningf("Using default certificate")
+				servers[host].SSLCert = n.getDefaultSSLCertificate()
+				continue
+			}
+
 			err = cert.Certificate.VerifyHostname(host)
 			if err != nil {
 				klog.Warningf("Unexpected error validating SSL certificate %q for server %q: %v", secrKey, host, err)