DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix --enable-dynamic-certificates for nested subdomain

Browse source
This commit is contained in:
Maxime Ginters 2018-12-11 14:43:26 -05:00
parent 19b3b6be0c
commit ff8bfb6a86
2 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
rootfs/etc/nginx/lua/certificate.lua
View file

@ -32,7 +32,7 @@ local function get_pem_cert_key(hostname)
return pem_cert_key return pem_cert_key
end end
local wildcard_hosatname, _, err = re_sub(hostname, "^.+\\.", "*.", "jo") local wildcard_hosatname, _, err = re_sub(hostname, "^[^\\.]+\\.", "*.", "jo")
if err then if err then
ngx.log(ngx.ERR, "error: ", err) ngx.log(ngx.ERR, "error: ", err)
return pem_cert_key return pem_cert_key

14
rootfs/etc/nginx/lua/test/certificate_test.lua
View file

@ -78,6 +78,20 @@ describe("Certificate", function()
assert.spy(ssl.set_der_priv_key).was_called_with(ssl.priv_key_pem_to_der(PEM_CERT_KEY)) assert.spy(ssl.set_der_priv_key).was_called_with(ssl.priv_key_pem_to_der(PEM_CERT_KEY))
end) end)
it("successfully sets SSL certificate and key for nested wildcard cert", function()
ssl.server_name = function() return "sub.nested.hostname", nil end
ngx.shared.certificate_data:set("*.nested.hostname", PEM_CERT_KEY)
spy.on(ngx, "log")
spy.on(ssl, "set_der_cert")
spy.on(ssl, "set_der_priv_key")
assert.has_no.errors(certificate.call)
assert.spy(ngx.log).was_not_called_with(ngx.ERR, _)
assert.spy(ssl.set_der_cert).was_called_with(ssl.cert_pem_to_der(PEM_CERT_KEY))
assert.spy(ssl.set_der_priv_key).was_called_with(ssl.priv_key_pem_to_der(PEM_CERT_KEY))
end)
it("logs error message when certificate in dictionary is invalid", function() it("logs error message when certificate in dictionary is invalid", function()
ngx.shared.certificate_data:set("hostname", "something invalid") ngx.shared.certificate_data:set("hostname", "something invalid")