From c775b439dca0a383f3d70f0599e49e58b4b5a4f5 Mon Sep 17 00:00:00 2001
From: Andreas Sommer
Date: Tue, 28 Apr 2020 11:07:04 +0200
Subject: [PATCH] Case-insensitive TLS host matching

---
 internal/ingress/controller/controller.go | 7 +++--
 .../ingress/controller/controller_test.go | 27 +++++++++++++++++++
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/internal/ingress/controller/controller.go b/internal/ingress/controller/controller.go
index da7420c8b7..57edd9d403 100644
--- a/internal/ingress/controller/controller.go
+++ b/internal/ingress/controller/controller.go
@@ -1351,9 +1351,12 @@ func extractTLSSecretName(host string, ing *ingress.Ingress,
 }
 
 // naively return Secret name from TLS spec if host name matches
+ lowercaseHost := toLowerCaseASCII(host)
 for _, tls := range ing.Spec.TLS {
- if sets.NewString(tls.Hosts...).Has(host) {
- return tls.SecretName
+ for _, tlsHost := range tls.Hosts {
+ if toLowerCaseASCII(tlsHost) == lowercaseHost {
+ return tls.SecretName
+ }
 }
 }
 
diff --git a/internal/ingress/controller/controller_test.go b/internal/ingress/controller/controller_test.go
index a812d56eb6..0dfc1533aa 100644
--- a/internal/ingress/controller/controller_test.go
+++ b/internal/ingress/controller/controller_test.go
@@ -818,6 +818,33 @@ func TestExtractTLSSecretName(t *testing.T) {
 },
 "demo",
 },
+ "ingress tls, hosts, matching cert cn, uppercase host": {
+ "FOO.BAR",
+ &ingress.Ingress{
+ Ingress: networking.Ingress{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "test",
+ },
+ Spec: networking.IngressSpec{
+ TLS: []networking.IngressTLS{
+ {
+ Hosts: []string{"foo.bar", "example.com"},
+ SecretName: "demo",
+ },
+ },
+ Rules: []networking.IngressRule{
+ {
+ Host: "foo.bar",
+ },
+ },
+ },
+ },
+ },
+ func(string) (*ingress.SSLCert, error) {
+ return nil, nil
+ },
+ "demo",
+ },
 }
 
 for title, tc := range testCases {
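Review bot: The comparison `toLowerCaseASCII(tlsHost) == lowercaseHost` in the new inner loop has no comment saying the ASCII-only fold is deliberate, so a later cleanup could swap it for `strings.EqualFold`. That function applies Unicode simple folding (U+212A KELVIN SIGN compares equal to `k`), which would treat hosts as equal that DNS considers different names when choosing a TLS secret. I would add above the loop: `// ASCII-only fold on purpose; strings.EqualFold's Unicode folding matches more than DNS case-insensitivity allows.` `toLowerCaseASCII` is defined outside this hunk, so its behaviour is assumed from its name, and extractTLSSecretName continues beyond the hunk on both sides.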
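Review bot: The added table entry covers only an uppercase request host (`"FOO.BAR"`) against lowercase `tls.Hosts`, so the other half of the change, folding the spec entries with `toLowerCaseASCII(tlsHost)`, is never exercised. A mirrored entry with host `"foo.bar"` and `Hosts: []string{"Foo.Bar", "example.com"}` expecting `"demo"` would pin that direction. A mixed-case pair such as `"Foo.Bar"` against `"fOO.bAR"` would also show that both sides are folded rather than one. The test table and the loop that runs it extend outside this hunk.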