DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allows overriding the server name used to verify the certificate of the proxied HTTPS server

Browse source
This commit is contained in:
schaefec 2019-10-04 08:19:31 +01:00 committed by Laszlo Janosi
parent 35264d6e8f
commit 141ea59b7f
4 changed files with 22 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

15
internal/ingress/annotations/proxyssl/main.go
View file

@ -45,10 +45,11 @@ var (
// and the configured VerifyDepth
type Config struct {
resolver.AuthSSLCert
Ciphers string `json:"ciphers"`
Protocols string `json:"protocols"`
Verify string `json:"verify"`
VerifyDepth int `json:"verifyDepth"`
Ciphers string `json:"ciphers"`
Protocols string `json:"protocols"`
ProxySSLName string `json:"proxySSLName"`
Verify string `json:"verify"`
VerifyDepth int `json:"verifyDepth"`
}
// Equal tests for equality between two Config types
@ -143,6 +144,12 @@ func (p proxySSL) Parse(ing *networking.Ingress) (interface{}, error) {
config.Protocols = sortProtocols(config.Protocols)
}
config.ProxySSLName, err = parser.GetStringAnnotation("proxy-ssl-name", ing)
if err != nil {
e := errors.Wrap(err, "error obtaining proxy-ssl-name")
return &Config{}, ing_errors.LocationDenied{Reason: e}
}
config.Verify, err = parser.GetStringAnnotation("proxy-ssl-verify", ing)
if err != nil || !proxySSLOnOffRegex.MatchString(config.Verify) {
config.Verify = defaultProxySSLVerify