Allow multiple CA Certificates (#4556)

2019-09-13 09:22:24 -03:00 · 2019-09-13 09:22:24 -03:00 · 55820ef1e8
commit 55820ef1e8
parent fe4f178db1
4 changed files with 47 additions and 46 deletions
--- a/internal/ingress/controller/store/backend_ssl.go
+++ b/internal/ingress/controller/store/backend_ssl.go
@ -17,8 +17,6 @@ limitations under the License.
 package store

 import (
-	"crypto/sha1"
-	"encoding/hex"
 	"fmt"
 	"strings"

@ -107,11 +105,17 @@ func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error
 		}

 		if len(ca) > 0 {
+			caCert, err := ssl.CheckCACert(ca)
+			if err != nil {
+				return nil, fmt.Errorf("parsing CA certificate: %v", err)
+			}
+
 			path, err := ssl.StoreSSLCertOnDisk(nsSecName, sslCert)
 			if err != nil {
 				return nil, fmt.Errorf("error while storing certificate and key: %v", err)
 			}

+			sslCert.CACertificate = caCert
 			sslCert.CAFileName = path
 			sslCert.CASHA = file.SHA1(path)

@ -125,7 +129,6 @@ func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error
 				if err != nil {
 					return nil, fmt.Errorf("error configuring CRL certificate: %v", err)
 				}
-
 			}
 		}

@ -170,11 +173,6 @@ func (s *k8sStore) getPemCertificate(secretName string) (*ingress.SSLCert, error
 	sslCert.Name = secret.Name
 	sslCert.Namespace = secret.Namespace

-	hasher := sha1.New()
-	hasher.Write(sslCert.Certificate.Raw)
-
-	sslCert.PemSHA = hex.EncodeToString(hasher.Sum(nil))
-
 	// the default SSL certificate needs to be present on disk
 	if secretName == s.defaultSSLCertificate {
 		path, err := ssl.StoreSSLCertOnDisk(nsSecName, sslCert)