Add additional check for old SSL certificates

2017-11-29 18:02:10 -03:00 · 2017-11-29 18:02:10 -03:00 · 930bd7f4f3
commit 930bd7f4f3
parent 37a230c56a
2 changed files with 117 additions and 2 deletions
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@ -1032,8 +1032,15 @@ func (n *NGINXController) createServers(data []*extensions.Ingress,
 			cert := bc.(*ingress.SSLCert)
 			err = cert.Certificate.VerifyHostname(host)
 			if err != nil {
-				glog.Warningf("ssl certificate %v does not contain a Common Name or Subject Alternative Name for host %v", key, host)
-				continue
+				glog.Warningf("unexpected error validating SSL certificate %v for host %v. Reason: %v", key, host, err)
+				glog.Warningf("Validating certificate against DNS names. This will be deprecated in a future version.")
+				// check the common name field
+				// https://github.com/golang/go/issues/22922
+				err := verifyHostname(host, cert.Certificate)
+				if err != nil {
+					glog.Warningf("ssl certificate %v does not contain a Common Name or Subject Alternative Name for host %v. Reason: %v", key, host, err)
+					continue
+				}
 			}

 			servers[host].SSLCertificate = cert.PemFileName