Merge pull request #798 from rchicoli/ssl_verify_client

add ssl_verify_client parameter
Matthew Haughton 2016-04-12 18:08:26 -04:00
commit b4946b7574
3 changed files with 8 additions and 2 deletions


@ -53,6 +53,7 @@
# for SSL Support. This is not generated by this module.
# [*ssl_client_cert*] - Pre-generated SSL Certificate file to reference
# for client verify SSL Support. This is not generated by this module.
# [*ssl_verify_client*] - Enables verification of client certificates.
# [*ssl_crl*] - String: Specifies CRL path in file system
# [*ssl_dhparam*] - This directive specifies a file containing
# Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
@ -191,6 +192,7 @@ define nginx::resource::vhost (
$ssl_listen_option = true,
$ssl_cert = undef,
$ssl_client_cert = undef,
$ssl_verify_client = 'on',
$ssl_dhparam = undef,
$ssl_key = undef,
$ssl_port = 443,
@ -322,6 +324,9 @@ define nginx::resource::vhost (
if ($ssl_client_cert != undef) {
validate_string($ssl_client_cert)
}
if ($ssl_verify_client != undef) {
validate_string($ssl_verify_client)
}
if ($ssl_crl != undef) {
validate_string($ssl_crl)
}
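Review bot: `validate_string($ssl_verify_client)` in the third hunk accepts any string, and the value is written unquoted into the nginx configuration by the SSL header template. A typo, an empty string, or a value containing `;` or a newline would therefore produce a broken or unintended server block. nginx accepts only `on`, `off`, `optional` and `optional_no_ca` for this directive, so I would restrict the parameter with `validate_re($ssl_verify_client, '\A(on|off|optional|optional_no_ca)\z')`. The same concern applies to the `<%= @ssl_verify_client %>` line in the template section of this commit. The body of the define continues outside the hunk.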


@ -922,12 +922,13 @@ describe 'nginx::resource::vhost' do
:ssl_key => 'dummy.key',
:ssl_cert => 'dummy.cert',
:ssl_client_cert => 'client.cert',
:ssl_verify_client => 'optional',
}) end
it { is_expected.to contain_nginx__resource__location("#{title}-default").with_ssl_only(true) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{access_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.access\.log combined;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{error_log\s+/var/log/nginx/ssl-www\.rspec\.example\.com\.error\.log}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client on;}) }
it { is_expected.to contain_concat__fragment("#{title}-ssl-header").with_content(%r{ssl_verify_client\s+optional;}) }
end
context 'when passenger_cgi_param is set' do
let :params do default_params.merge({
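Review bot: The spec now asserts only the explicit `'optional'` value, so the case where `ssl_client_cert` is set and `ssl_verify_client` keeps its default no longer appears to be covered. The `ssl_verify_client on;` expectation looks like the line this change replaces. The default is the mode that rejects clients without a valid certificate, so a regression there would go unnoticed. I would add a sibling context that omits `:ssl_verify_client` and expects `%r{ssl_verify_client\s+on;}`. The enclosing context begins outside the hunk.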


@ -4,7 +4,7 @@
ssl_certificate_key <%= @ssl_key %>;
<% if defined? @ssl_client_cert -%>
ssl_client_certificate <%= @ssl_client_cert %>;
ssl_verify_client on;
ssl_verify_client <%= @ssl_verify_client %>;
<% end -%>
<% if defined? @ssl_dhparam -%>
ssl_dhparam <%= @ssl_dhparam %>;
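Review bot: The template can now emit `off`, `optional` or `optional_no_ca` next to `ssl_client_certificate`, and in those modes nginx does not reject a connection that lacks a verified client certificate. The parameter description ("Enables verification of client certificates") does not say this. I would document the accepted values where the parameter is described, for example `# [*ssl_verify_client*] - on (default), off, optional or optional_no_ca; only 'on' rejects clients without a valid certificate.` It is also worth noting there that vhosts using the optional modes must check `$ssl_client_verify` themselves before trusting the client.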