Avoid secret without tls.crt and tls.key but a valid ca.crt (#5225)

2020-03-07 21:15:24 -03:00 · 2020-03-07 21:15:24 -03:00 · ad460e16ce
commit ad460e16ce
parent 0c9db55265
1 changed files with 7 additions and 0 deletions
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -1111,6 +1111,13 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
 				continue
 			}

+			if cert.Certificate == nil {
+				klog.Warningf("SSL certificate %q does not contain a valid SSL certificate for server %q", secrKey, host)
+				klog.Warningf("Using default certificate")
+				servers[host].SSLCert = n.getDefaultSSLCertificate()
+				continue
+			}
+
 			err = cert.Certificate.VerifyHostname(host)
 			if err != nil {
 				klog.Warningf("Unexpected error validating SSL certificate %q for server %q: %v", secrKey, host, err)