Merge pull request #1127 from tmuellerleile/add-openssl-conf-cmd
Add ssl_openssl_conf_cmd param (apache::mod::ssl and apache::vhost)
Morgan Haskel committed Jun 17, 2015
2 parents 22b2dd9 + c7ce06c commit 4c5e171
Showing 7 changed files with 27 additions and 0 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -823,6 +823,7 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t
ssl_compression => false,
ssl_cryptodevice => 'builtin',
ssl_options => [ 'StdEnvVars' ],
ssl_openssl_conf_cmd => undef,
ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5',
ssl_honorcipherorder => 'On',
ssl_protocol => [ 'all', '-SSLv2', '-SSLv3' ],
Expand Down Expand Up @@ -2251,6 +2252,10 @@ An array:
}
```

#####`ssl_openssl_conf_cmd`

Sets the [SSLOpenSSLConfCmd](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslopensslconfcmd) directive, which provides direct configuration of OpenSSL parameters. Defaults to 'undef'.

#####`ssl_proxyengine`

Specifies whether or not to use [SSLProxyEngine](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxyengine). Valid values are 'true' and 'false'. Defaults to 'false'.
2 changes: 2 additions & 0 deletions manifests/mod/ssl.pp
Expand Up @@ -2,6 +2,7 @@
$ssl_compression = false,
$ssl_cryptodevice = 'builtin',
$ssl_options = [ 'StdEnvVars' ],
$ssl_openssl_conf_cmd = undef,
$ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
$ssl_honorcipherorder = 'On',
$ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
Expand Down Expand Up @@ -57,6 +58,7 @@
# $ssl_cipher
# $ssl_honorcipherorder
# $ssl_options
# $ssl_openssl_conf_cmd
# $session_cache
# $ssl_mutex
# $ssl_random_seed_bytes
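Review bot: The new `$ssl_openssl_conf_cmd` parameter carries no comment in the manifest, even though it can touch the same OpenSSL settings that `$ssl_protocol` and `$ssl_cipher` control. SSLOpenSSLConfCmd hands commands such as `Protocol` or `CipherString` straight to OpenSSL, so a value set here may end up competing with the defaults declared right below it without anyone editing those parameters. I would add a comment above the parameter, for example `# Raw SSL_CONF command; may overlap ssl_protocol/ssl_cipher, review values as TLS policy`. The class body lies outside this hunk, so whether the value is validated anywhere cannot be seen from here.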
2 changes: 2 additions & 0 deletions manifests/vhost.pp
Expand Up @@ -26,6 +26,7 @@
$ssl_verify_client = undef,
$ssl_verify_depth = undef,
$ssl_options = undef,
$ssl_openssl_conf_cmd = undef,
$ssl_proxyengine = false,
$priority = undef,
$default_vhost = false,
Expand Down Expand Up @@ -729,6 +730,7 @@
# - $ssl_verify_client
# - $ssl_verify_depth
# - $ssl_options
# - $ssl_openssl_conf_cmd
# - $apache_version
if $ssl {
concat::fragment { "${name}-ssl":
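Review bot: Nothing visible here ties `$ssl_openssl_conf_cmd` to the Apache version, although `$apache_version` is listed among the variables the SSL fragment's template reads. SSLOpenSSLConfCmd is only understood by httpd 2.4.8 and later built against OpenSSL 1.0.2 or later, so on an older platform a non-undef value would presumably render a directive that makes the configuration fail to parse. Consider failing early in the manifest, e.g. `if $ssl_openssl_conf_cmd and versioncmp($apache_version, '2.4') < 0 { fail('ssl_openssl_conf_cmd requires Apache 2.4.8 or later') }`, or at least stating the requirement in the README entry. The `if $ssl` block continues past the end of this hunk.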
9 changes: 9 additions & 0 deletions spec/classes/mod/ssl_spec.rb
Expand Up @@ -136,5 +136,14 @@
end
it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})}
end

context 'setting ssl_openssl_conf_cmd' do
let :params do
{
:ssl_openssl_conf_cmd => 'DHParameters "foo.pem"',
}
end
it { is_expected.to contain_file('ssl.conf').with_content(/^\s+SSLOpenSSLConfCmd DHParameters "foo.pem"$/)}
end
end
end
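Review bot: The new context only checks that the directive appears when the parameter is set; no example asserts that `SSLOpenSSLConfCmd` is absent from ssl.conf under default parameters, which is the path most installs take. An example such as `it { is_expected.not_to contain_file('ssl.conf').with_content(/SSLOpenSSLConfCmd/) }` in a default-params context would pin the `undef` case. The `.` in `foo.pem` is also unescaped in the regex, so it matches any character; `foo\.pem` is tighter. The same unescaped dot appears in the vhost_spec.rb expectation.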
3 changes: 3 additions & 0 deletions spec/defines/vhost_spec.rb
Expand Up @@ -153,6 +153,7 @@
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => '3',
'ssl_options' => '+ExportCertData',
'ssl_openssl_conf_cmd' => 'DHParameters "foo.pem"',
'ssl_proxyengine' => true,
'priority' => '30',
'default_vhost' => true,
Expand Down Expand Up @@ -398,6 +399,8 @@
it { is_expected.to contain_concat__fragment('rspec.example.com-serveralias') }
it { is_expected.to contain_concat__fragment('rspec.example.com-setenv') }
it { is_expected.to contain_concat__fragment('rspec.example.com-ssl') }
it { is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
:content => /^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$/ ) }
it { is_expected.to contain_concat__fragment('rspec.example.com-suphp') }
it { is_expected.to contain_concat__fragment('rspec.example.com-php_admin') }
it { is_expected.to contain_concat__fragment('rspec.example.com-header') }
3 changes: 3 additions & 0 deletions templates/mod/ssl.conf.erb
Expand Up @@ -25,4 +25,7 @@
<% if @ssl_options -%>
SSLOptions <%= @ssl_options.compact.join(' ') %>
<% end -%>
<%- if @ssl_openssl_conf_cmd -%>
SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %>
<%- end -%>
</IfModule>
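Review bot: The added block interpolates `@ssl_openssl_conf_cmd` as one raw string, so only a single SSLOpenSSLConfCmd line can be produced, and an array value would be rendered through its default string conversion rather than as separate directives. The directive is repeatable (one command per line), and the SSLOptions block just above already handles list values with `join`. Inside the existing `if`, iterating would cover both cases: `<%- Array(@ssl_openssl_conf_cmd).each do |cmd| -%>` followed by `SSLOpenSSLConfCmd <%= cmd %>` and `<%- end -%>`. A string containing a newline would also add unintended lines to the rendered file, which argues for validating the value in the manifest. The same applies to the identical block in templates/vhost/_ssl.erb.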
3 changes: 3 additions & 0 deletions templates/vhost/_ssl.erb
Expand Up @@ -43,4 +43,7 @@
<%- if @ssl_options -%>
SSLOptions <%= Array(@ssl_options).join(' ') %>
<%- end -%>
<%- if @ssl_openssl_conf_cmd -%>
SSLOpenSSLConfCmd <%= @ssl_openssl_conf_cmd %>
<%- end -%>
<% end -%>
