Merge pull request #851 from databus23/patch-1

ensure private key and certificate match
Manuel Alejandro de Brito Fontes 2017-06-13 10:00:23 -04:00 committed by GitHub
commit f5a6b79dbd


@ -20,6 +20,7 @@ import (
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"crypto/sha1" "crypto/sha1"
"crypto/tls"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix" "crypto/x509/pkix"
"encoding/hex" "encoding/hex"
@ -90,6 +91,12 @@ func AddOrUpdateCertAndKey(name string, cert, key, ca []byte) (*ingress.SSLCert,
return nil, err return nil, err
} }
//Ensure that certificate and private key have a matching public key
if _, err := tls.X509KeyPair(cert, key); err != nil {
_ = os.Remove(tempPemFile.Name())
return nil, err
}
cn := []string{pemCert.Subject.CommonName} cn := []string{pemCert.Subject.CommonName}
if len(pemCert.DNSNames) > 0 { if len(pemCert.DNSNames) > 0 {
cn = append(cn, pemCert.DNSNames...) cn = append(cn, pemCert.DNSNames...)
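Review bot: The `tls.X509KeyPair(cert, key)` check runs only after `tempPemFile` exists, so a mismatched pair appears to be written to disk before it is rejected, and cleanup then relies on `_ = os.Remove(tempPemFile.Name())`, whose error is discarded. The check needs only the raw `cert` and `key` arguments, so it could run at the top of `AddOrUpdateCertAndKey` before any file is created; the start of the function is outside this hunk, so confirm nothing earlier is a prerequisite. If the check stays where it is, a failed removal should at least be logged, since the temp file presumably holds private key material. The returned error also does not say which secret was rejected; wrapping it with `name`, e.g. `return nil, fmt.Errorf("certificate and private key of %v do not match: %v", name, err)`, would make the failure traceable (assuming `fmt` is already imported in this file).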