DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #1351 from aledbf/check-certificate

Browse source 
[nginx-ingress-controller]: Avoid generation of invalid ssl certificates
This commit is contained in:
Prashanth B 2016-07-20 13:36:23 -07:00 committed by GitHub
commit bff40d7c14
1 changed files with 7 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
controllers/nginx/nginx/ssl.go
View file

@ -63,17 +63,18 @@ func (nginx *Manager) AddOrUpdateCertAndKey(name string, cert string, key string
return SSLCert{}, fmt.Errorf("Couldn't close temp pem file %v: %v", temporaryPemFile.Name(), err) return SSLCert{}, fmt.Errorf("Couldn't close temp pem file %v: %v", temporaryPemFile.Name(), err)
} }
cn, err := nginx.commonNames(temporaryPemFile.Name())
if err != nil {
os.Remove(temporaryPemFile.Name())
return SSLCert{}, err
}
err = os.Rename(temporaryPemFile.Name(), pemFileName) err = os.Rename(temporaryPemFile.Name(), pemFileName)
if err != nil { if err != nil {
os.Remove(temporaryPemFile.Name()) os.Remove(temporaryPemFile.Name())
return SSLCert{}, fmt.Errorf("Couldn't move temp pem file %v to destination %v: %v", temporaryPemFile.Name(), pemFileName, err) return SSLCert{}, fmt.Errorf("Couldn't move temp pem file %v to destination %v: %v", temporaryPemFile.Name(), pemFileName, err)
} }
cn, err := nginx.commonNames(pemFileName)
if err != nil {
return SSLCert{}, err
}
return SSLCert{ return SSLCert{
CertFileName: cert, CertFileName: cert,
KeyFileName: key, KeyFileName: key,
@ -107,7 +108,7 @@ func (nginx *Manager) commonNames(pemFileName string) ([]string, error) {
cn = append(cn, cert.DNSNames...) cn = append(cn, cert.DNSNames...)
} }
glog.V(2).Infof("DNS %v %v\n", cn, len(cn)) glog.V(2).Infof("found %v common names: %v\n", cn, len(cn))
return cn, nil return cn, nil
} }