skip empty ocsp staple configuration (istio#45159)

Signed-off-by: Faseela K <[email protected]>
zhaohuabing · May 26, 2023 · d4aa7e5 · d4aa7e5
1 parent 0991774
commit d4aa7e5
Showing 1 changed file with 20 additions and 17 deletions.
diff --git a/pilot/pkg/xds/sds.go b/pilot/pkg/xds/sds.go
@@ -407,26 +407,29 @@ func toEnvoyTLSSecret(name string, certInfo *credscontroller.CertInfo, proxy *mo
  },
  })
  default:
+ tlsCertificate := &envoytls.TlsCertificate{
+ CertificateChain: &core.DataSource{
+ Specifier: &core.DataSource_InlineBytes{
+ InlineBytes: certInfo.Cert,
+ },
+ },
+ PrivateKey: &core.DataSource{
+ Specifier: &core.DataSource_InlineBytes{
+ InlineBytes: certInfo.Key,
+ },
+ },
+ }
+ if certInfo.Staple != nil {
+ tlsCertificate.OcspStaple = &core.DataSource{
+ Specifier: &core.DataSource_InlineBytes{
+ InlineBytes: certInfo.Staple,
+ },
+ }
+ }
  res = protoconv.MessageToAny(&envoytls.Secret{
  Name: name,
  Type: &envoytls.Secret_TlsCertificate{
- TlsCertificate: &envoytls.TlsCertificate{
- CertificateChain: &core.DataSource{
- Specifier: &core.DataSource_InlineBytes{
- InlineBytes: certInfo.Cert,
- },
- },
- PrivateKey: &core.DataSource{
- Specifier: &core.DataSource_InlineBytes{
- InlineBytes: certInfo.Key,
- },
- },
- OcspStaple: &core.DataSource{
- Specifier: &core.DataSource_InlineBytes{
- InlineBytes: certInfo.Staple,
- },
- },
- },
+ TlsCertificate: tlsCertificate,
  },
  })
  }