Allows overriding the server name used to verify the certificate of the proxied HTTPS server

internal/ingress/annotations/proxyssl/main.go

@@ -45,10 +45,11 @@ var (
 // and the configured VerifyDepth
 type Config struct {
 	resolver.AuthSSLCert
-	Ciphers     string `json:"ciphers"`
-	Protocols   string `json:"protocols"`
-	Verify      string `json:"verify"`
-	VerifyDepth int    `json:"verifyDepth"`
+	Ciphers                   string `json:"ciphers"`
+	Protocols                 string `json:"protocols"`
+	ProxySSLName              string `json:"proxySSLName"`
+	Verify                    string `json:"verify"`
+	VerifyDepth               int    `json:"verifyDepth"`
 }
 
 // Equal tests for equality between two Config types
@@ -143,6 +144,12 @@ func (p proxySSL) Parse(ing *networking.Ingress) (interface{}, error) {
 		config.Protocols = sortProtocols(config.Protocols)
 	}
 
+	config.ProxySSLName, err = parser.GetStringAnnotation("proxy-ssl-name", ing)
+	if err != nil {
+		e := errors.Wrap(err, "error obtaining proxy-ssl-name")
+		return &Config{}, ing_errors.LocationDenied{Reason: e}
+	}
+
 	config.Verify, err = parser.GetStringAnnotation("proxy-ssl-verify", ing)
 	if err != nil || !proxySSLOnOffRegex.MatchString(config.Verify) {
 		config.Verify = defaultProxySSLVerify

internal/ingress/annotations/proxyssl/main_test.go

@@ -94,6 +94,7 @@ func TestAnnotations(t *testing.T) {
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-session-reuse")] = "off"
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-verify")] = "on"
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-verify-depth")] = "3"
+	data[parser.GetAnnotationWithPrefix("proxy-ssl-name")] = "testname.namespace"
 
 	ing.SetAnnotations(data)
 
@@ -128,6 +129,10 @@ func TestAnnotations(t *testing.T) {
 	if u.VerifyDepth != 3 {
 		t.Errorf("expected %v but got %v", 3, u.VerifyDepth)
 	}
+	if u.ProxySSLName != "testname.namespace" {
+		t.Errorf("expected %v but got %v", "testname.namespace", u.ProxySSLName)
+	}
+
 }
 
 func TestInvalidAnnotations(t *testing.T) {