handle default certificate correctly in Lua

lspas-volvo · Apr 13, 2019 · 42c207c · 42c207c
1 parent 417af76
commit 42c207c
Showing 1 changed file with 8 additions and 8 deletions.
diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua
@@ -4,6 +4,8 @@ local re_sub = ngx.re.sub
 
 local _M = {}
 
+local DEFAULT_CERT_HOSTNAME = "_"
+
 local function set_pem_cert_key(pem_cert_key)
   local der_cert, der_cert_err = ssl.cert_pem_to_der(pem_cert_key)
   if not der_cert then
@@ -47,21 +49,19 @@ end
 function _M.call()
   local hostname, hostname_err = ssl.server_name()
   if hostname_err then
-    ngx.log(ngx.ERR, "Error getting the hostname, falling back on default certificate: " .. hostname_err)
-    return
+    ngx.log(ngx.ERR, "error while obtaining hostname: " .. hostname_err)
   end
   if not hostname then
-    ngx.log(ngx.INFO, "hostname can not be obtained, falling back to default certificate")
-    return
+    ngx.log(ngx.INFO, "obtained hostname is nil (the client does not support SNI?), falling back to default certificate")
+    hostname = DEFAULT_CERT_HOSTNAME
   end
 
   local pem_cert_key = get_pem_cert_key(hostname)
   if not pem_cert_key then
-    ngx.log(ngx.ERR, "Certificate not found, falling back on default certificate for hostname: " .. tostring(hostname))
-    return
+    pem_cert_key = get_pem_cert_key(DEFAULT_CERT_HOSTNAME)
   end
-  if pem_cert_key == "" then
-    ngx.log(ngx.ERR, "Certificate is empty, falling back on default certificate for hostname: " .. tostring(hostname))
+  if not pem_cert_key then
+    ngx.log(ngx.ERR, "certificate not found, falling back to fake certificate for hostname: " .. tostring(hostname))
     return
   end