Use default if failing to read the custom cert

jcmoraisjr · Dec 6, 2017 · 1222420 · 1222420
1 parent 3fbf446
commit 1222420
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/pkg/common/ingress/controller/controller.go b/pkg/common/ingress/controller/controller.go
@@ -1084,25 +1084,28 @@ func (ic *GenericController) createServers(data []*extensions.Ingress,
 				continue
 			}
 
+			// From now we want TLS. If assigning a custom
+			// crt failed we end up with the default cert
+			servers[host].SSLCertificate = defaultPemFileName
+			servers[host].SSLPemChecksum = defaultPemSHA
+
 			if tlsSecretName == "" {
 				glog.V(3).Infof("host %v is listed on tls section but secretName is empty. Using default cert", host)
-				servers[host].SSLCertificate = defaultPemFileName
-				servers[host].SSLPemChecksum = defaultPemSHA
 				continue
 			}
 
 			key := ic.GetFullResourceName(tlsSecretName, ing.Namespace)
 			bc, exists := ic.sslCertTracker.Get(key)
 			if !exists {
-				glog.Warningf("ssl certificate \"%v\" does not exist in local store", key)
+				glog.Warningf("ssl certificate \"%v\" does not exist in local store. Using the default cert", key)
 				continue
 			}
 
 			cert := bc.(*ingress.SSLCert)
 			if ic.cfg.VerifyHostname {
 				err = cert.Certificate.VerifyHostname(host)
 				if err != nil {
-					glog.Warningf("ssl certificate %v does not contain a Subject Alternative Name for host %v", key, host)
+					glog.Warningf("ssl certificate %v does not contain a Subject Alternative Name for host %v. Using the default cert", key, host)
 					continue
 				}
 			}