Skip to content

Commit

Permalink
Merge pull request #1216 from bmfurtado/MODULES-2655
Browse files Browse the repository at this point in the history
Change SSLProtocol in apache::vhost to be space separated
  • Loading branch information
igalic committed Oct 13, 2015
2 parents 22ed027 + bb5b27e commit 3a1a4e4
Show file tree
Hide file tree
Showing 3 changed files with 29 additions and 2 deletions.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -3046,7 +3046,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce

##### `ssl_protocol`

Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'.
Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'.

##### `ssl_cipher`

Expand Down
27 changes: 27 additions & 0 deletions spec/acceptance/vhost_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -1339,4 +1339,31 @@ class { 'apache': }
it { is_expected.to be_file }
end
end

describe 'SSLProtocol directive' do
it 'applies cleanly' do
pp = <<-EOS
class { 'apache': }
apache::vhost { 'test.server':
docroot => '/tmp',
ssl_protocol => ['All', '-SSLv2'],
}
apache::vhost { 'test2.server':
docroot => '/tmp',
ssl_protocol => 'All -SSLv2',
}
EOS
apply_manifest(pp, :catch_failures => true)
end

describe file("#{$vhost_dir}/25-test.server.conf") do
it { is_expected.to be_file }
it { is_expected.to contain 'SSLProtocol All -SSLv2' }
end

describe file("#{$vhost_dir}/25-test2.server.conf") do
it { is_expected.to be_file }
it { is_expected.to contain 'SSLProtocol All -SSLv2' }
end
end
end
2 changes: 1 addition & 1 deletion templates/vhost/_ssl.erb
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@
SSLProxyEngine On
<%- end -%>
<%- if @ssl_protocol -%>
SSLProtocol <%= @ssl_protocol %>
SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %>
<%- end -%>
<%- if @ssl_cipher -%>
SSLCipherSuite <%= @ssl_cipher %>
Expand Down

0 comments on commit 3a1a4e4

Please sign in to comment.