From 42c207c548712fece4e6bd38dd53fcbfd0a9ebd8 Mon Sep 17 00:00:00 2001
From: Elvin Efendi <elvin.efendiyev@gmail.com>
Date: Fri, 12 Apr 2019 01:12:57 -0400
Subject: [PATCH] handle default certificate correctly in Lua

---
 rootfs/etc/nginx/lua/certificate.lua | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua
index 841765b29e..03b23de15e 100644
--- a/rootfs/etc/nginx/lua/certificate.lua
+++ b/rootfs/etc/nginx/lua/certificate.lua
@@ -4,6 +4,8 @@ local re_sub = ngx.re.sub
 
 local _M = {}
 
+local DEFAULT_CERT_HOSTNAME = "_"
+
 local function set_pem_cert_key(pem_cert_key)
   local der_cert, der_cert_err = ssl.cert_pem_to_der(pem_cert_key)
   if not der_cert then
@@ -47,21 +49,19 @@ end
 function _M.call()
   local hostname, hostname_err = ssl.server_name()
   if hostname_err then
-    ngx.log(ngx.ERR, "Error getting the hostname, falling back on default certificate: " .. hostname_err)
-    return
+    ngx.log(ngx.ERR, "error while obtaining hostname: " .. hostname_err)
   end
   if not hostname then
-    ngx.log(ngx.INFO, "hostname can not be obtained, falling back to default certificate")
-    return
+    ngx.log(ngx.INFO, "obtained hostname is nil (the client does not support SNI?), falling back to default certificate")
+    hostname = DEFAULT_CERT_HOSTNAME
   end
 
   local pem_cert_key = get_pem_cert_key(hostname)
   if not pem_cert_key then
-    ngx.log(ngx.ERR, "Certificate not found, falling back on default certificate for hostname: " .. tostring(hostname))
-    return
+    pem_cert_key = get_pem_cert_key(DEFAULT_CERT_HOSTNAME)
   end
-  if pem_cert_key == "" then
-    ngx.log(ngx.ERR, "Certificate is empty, falling back on default certificate for hostname: " .. tostring(hostname))
+  if not pem_cert_key then
+    ngx.log(ngx.ERR, "certificate not found, falling back to fake certificate for hostname: " .. tostring(hostname))
     return
   end