(MODULES-2834) Support SSLProxyCheckPeerCN and SSLProxyCheckPeerName … #1268
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…settings
Allows SSLProxyCheckPeerCN and SSLProxyCheckPeerName to be set on
an SSL enabled vhost.
```puppet
apache::vhost{'foo':
ssl_proxy_check_peer_cn => 'on',
ssl_proxy_check_peer_name => 'on'
}
```
results in
```
SSLProxyCheckPeerCN on
SSLProxyCheckPeerName on
```
apache configuration with in a vhost.
* https://tickets.puppetlabs.com/browse/MODULES-2834
* http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeercn
* http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslproxycheckpeername
|
i'd rather we used bool2httpd here, but… with the benefit of over a year of experience, i'm now seeing @hunner's points against this particular function being a pass-through… perhaps what we need, is also a validate_httpd_bool(), which takes an optional argument à la validate_re(). |
| @@ -3164,6 +3164,15 @@ Sets the [SSLProxyMachineCertificateFile](http://httpd.apache.org/docs/current/m | |||
| } | |||
| ~~~ | |||
|
|
|||
| ##### `ssl_proxy_check_peer_cn` | |||
There was a problem hiding this comment.
Can you move this above the section ssl_proxy_machine_cert as to keep the params in alphabetical order?
|
I'm ok with this change provided the readme update. @igalic do you still have any objections? Your last comment was unclear. |
ckaenzig
added a commit
to ckaenzig/puppetlabs-apache
that referenced
this pull request
Nov 25, 2015
RewriteRules and ProxyPass directives can require SSLProxy* configurations even if SSLEngine is not enabled. This PR should be updated with options added in puppetlabs#1268 once it is merged.
ckaenzig
added a commit
to ckaenzig/puppetlabs-apache
that referenced
this pull request
Nov 25, 2015
RewriteRules and ProxyPass directives can require SSLProxy* configurations even if SSLEngine is not enabled. This PR should be updated with options added in puppetlabs#1268 once it is merged.
ckaenzig
added a commit
to ckaenzig/puppetlabs-apache
that referenced
this pull request
Nov 25, 2015
RewriteRules and ProxyPass directives can require SSLProxy* configurations even if SSLEngine is not enabled. This PR should be updated with options added in puppetlabs#1268 once it is merged.
igalic
added a commit
that referenced
this pull request
Dec 2, 2015
(MODULES-2834) Support SSLProxyCheckPeerCN and SSLProxyCheckPeerName …
|
SSLProxyCheckPeerName was not a valid directive in Apache v2.2, so using this option leads to an error in that case. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…settings
Allows SSLProxyCheckPeerCN and SSLProxyCheckPeerName to be set on
an SSL enabled vhost.
results in
apache configuration with in a vhost.