Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow ssl_certs_dir to be unset. #787

Merged
merged 1 commit into from
Jul 3, 2014
Merged

Allow ssl_certs_dir to be unset. #787

merged 1 commit into from
Jul 3, 2014

Conversation

tdb
Copy link
Contributor

@tdb tdb commented Jul 2, 2014

In some cases we don't want SSLCACertificatePath to be set at all. If we're using SSLCACertificateFile instead to verify clients we might want that to be the only CA used. Most other options in this template are optional, so I don't see why this one can't be too.

@tdb
Allow ssl_certs_dir to be unset.
bec6a5f 
In some cases we don't want SSLCACertificatePath to be set at all.
If we're using SSLCACertificateFile instead to verify clients we
might want that to be the only CA used. Most other options in this
template are optional, so I don't see why this one can't be too.
apenney pushed a commit that referenced this pull request Jul 3, 2014
Merge pull request #787 from tdb/allow-unset-ssl_certs_dir
04b74e4 
Allow ssl_certs_dir to be unset.
@apenney apenney merged commit 04b74e4 into puppetlabs:master Jul 3, 2014
@vinzent vinzent mentioned this pull request Oct 24, 2014
Merged
underscorgan pushed a commit to underscorgan/puppetlabs-apache that referenced this pull request Nov 7, 2014
@vinzent
(MODULES-1457) apache::vhost: SSLCACertificatePath can't be unset
760a344 
The SSLCACertificatePath is always set. The check for @ssl_certs_dir only
covers "undef". As there is a default value in ::apache::params for
ssl_certs_dir it needs to be overriden with an empty string.

Right now the _ssl.erb template outputs 'SSLCACertificatePath ""' for an empty
string, which triggers a failing reload of httpd.

This patch just adds a "&& @ssl_certs_dir != ''" to the condition.

On a Puppet master passenger vhost it's probably  security relevant setting,
as it enables all system CA signed certificates access.

Related patch: puppetlabs#787
traylenator pushed a commit to traylenator/puppetlabs-apache that referenced this pull request Jun 7, 2022
@chelnak
Merge pull request puppetlabs#787 from Vincevrp/patch-1
f71f0ba 
Fix missing comma in docker::image example
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tdb @apenney @GSPatton