From f3b7bb1d8b8904c1126701c8183cc92b1f375d7f Mon Sep 17 00:00:00 2001
From: Andrei Zhozhin
Date: Mon, 30 Jan 2023 13:41:29 +0000
Subject: [PATCH] change SSLConfCommand from string to []string
---
 internal/ingress/controller/config/config.go | 5 +++--
 rootfs/etc/nginx/template/nginx.tmpl | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/internal/ingress/controller/config/config.go b/internal/ingress/controller/config/config.go
index def5ef7f1..430662144 100644
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@@ -339,7 +339,7 @@ type Configuration struct {
 // Allows configuration of arbitrary OpenSSL configuration
 // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_conf_command
- SSLConfCommand string `json:"ssl-conf-command,omitempty"`
+ SSLConfCommand []string `json:"ssl-conf-command,omitempty"`
 // Enabled ciphers list to enabled. The ciphers are specified in the format understood by
 // the OpenSSL library
@@ -777,6 +777,7 @@ func NewDefault() Configuration {
 defBlockEntity := make([]string, 0)
 defNginxStatusIpv4Whitelist := make([]string, 0)
 defNginxStatusIpv6Whitelist := make([]string, 0)
+ defSSLConfCommand := make([]string, 0)
 defResponseHeaders := make([]string, 0)
 defIPCIDR = append(defIPCIDR, "0.0.0.0/0")
 defNginxStatusIpv4Whitelist = append(defNginxStatusIpv4Whitelist, "127.0.0.1")
@@ -846,7 +847,7 @@ func NewDefault() Configuration {
 ReusePort: true,
 ShowServerTokens: false,
 SSLBufferSize: sslBufferSize,
- SSLConfCommand: "",
+ SSLConfCommand: defSSLConfCommand,
 SSLCiphers: sslCiphers,
 SSLECDHCurve: "auto",
 SSLProtocols: sslProtocols,
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 8e4872bf7..4fc985086 100755
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
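Review bot: In the `Configuration` struct hunk of config.go, `SSLConfCommand` becomes `[]string`, but the patch touches only config.go and nginx.tmpl, so nothing visible here shows how the `ssl-conf-command` ConfigMap value, which arrives as a single string, is split into elements or how an existing single-command setting keeps decoding. A test covering one command, several commands and an empty value would pin that behaviour down. The field comment should also say what one element is, for example `// SSLConfCommand holds OpenSSL configuration commands; each element is rendered as one ssl_conf_command directive.` The struct continues outside the hunk.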
@@ -452,7 +452,8 @@ http {
 {{ if not (empty $cfg.SSLCiphers) }}
 # allow to specify specific openssl commands
- ssl_conf_command {{ $cfg.SSLConfCommand }};
+ {{ range $sslConfCmd := $cfg.SSLConfCommand }}
+ ssl_conf_command {{ $sslConfCmd }};
 {{ end }}
 {{ if not (empty $cfg.SSLCiphers) }}
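Review bot: The added `{{ range $sslConfCmd := $cfg.SSLConfCommand }}` has no `{{ end }}` of its own: the only `{{ end }}` in the hunk is the context line that used to close the `{{ if ... }}` above, so the patch adds one opening action and no closing one and leaves the template unbalanced. Add `{{ end }}` directly after `ssl_conf_command {{ $sslConfCmd }};`. Each element is also written into nginx.conf verbatim, so an empty element renders `ssl_conf_command ;` and a value containing `;`, braces or a newline would end the directive early and have the remainder read as further configuration; entries should be validated when the ConfigMap is read, before they reach the template. The guard shown in the context line tests `$cfg.SSLCiphers` rather than `$cfg.SSLConfCommand`, which looks unintended and is worth confirming. The `http` block starts and ends outside the hunk.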