Serve correct TLS certificate for requests with uppercase host

AndiDog · AndiDog · commit ab024c679e47 · 2020-06-05T17:19:09.000+02:00
diff --git a/rootfs/etc/nginx/lua/certificate.lua b/rootfs/etc/nginx/lua/certificate.lua
@@ -42,7 +42,10 @@ local function set_der_cert_and_key(der_cert, der_priv_key)
 end
 
 local function get_pem_cert_uid(raw_hostname)
-  local hostname = re_sub(raw_hostname, "\\.$", "", "jo")
+  -- Convert hostname to ASCII lowercase (see RFC 6125 6.4.1) so that requests with uppercase
+  -- host would lead to the right certificate being chosen (controller serves certificates for
+  -- lowercase hostnames as specified in Ingress object's spec.rules.host)
+  local hostname = re_sub(raw_hostname, "\\.$", "", "jo"):gsub("[A-Z]", function(c) return c:lower() end)
 
   local uid = certificate_servers:get(hostname)
   if uid then
