diff --git a/manifests/wsgi/apache.pp b/manifests/wsgi/apache.pp index 8477c446..e047f668 100644 --- a/manifests/wsgi/apache.pp +++ b/manifests/wsgi/apache.pp @@ -67,6 +67,11 @@ # (Optional) Path to SSL key. # Default to apache::vhost 'ssl_*' defaults # +# [*ssl_verify_client*] +# (Optional) Sets the SSLVerifyClient directive which sets the +# certificate verification level for client authentication. +# Default to apache::vhost 'ssl_*' defaults +# # [*ssl_chain*] # (Optional) SSL chain. # Default to apache::vhost 'ssl_*' defaults @@ -240,6 +245,7 @@ define openstacklib::wsgi::apache ( $ssl_crl = undef, $ssl_crl_path = undef, $ssl_key = undef, + $ssl_verify_client = undef, $threads = 1, $user = undef, $workers = $::os_workers, @@ -352,6 +358,7 @@ define openstacklib::wsgi::apache ( ssl => $ssl, ssl_cert => $ssl_cert, ssl_key => $ssl_key, + ssl_verify_client => $ssl_verify_client, ssl_chain => $ssl_chain, ssl_ca => $ssl_ca, ssl_crl_path => $ssl_crl_path, diff --git a/releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml b/releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml new file mode 100644 index 00000000..46bda7f6 --- /dev/null +++ b/releasenotes/notes/add-ssl_verify_client-87e52209cc80861d.yaml @@ -0,0 +1,4 @@ +--- +features: + - | + Added ssl_verify_client parameter to openstacklib::wsgi::apache. diff --git a/spec/defines/openstacklib_wsgi_apache_spec.rb b/spec/defines/openstacklib_wsgi_apache_spec.rb index 05e903f5..504cbf59 100644 --- a/spec/defines/openstacklib_wsgi_apache_spec.rb +++ b/spec/defines/openstacklib_wsgi_apache_spec.rb @@ -33,6 +33,7 @@ describe 'openstacklib::wsgi::apache' do :bind_port => 5000, :group => 'keystone', :ssl => true, + :ssl_verify_client => 'optional', :user => 'keystone', :wsgi_script_dir => '/var/www/cgi-bin/keystone', :wsgi_script_file => 'main', @@ -76,6 +77,7 @@ describe 'openstacklib::wsgi::apache' do :docroot_group => 'keystone', :setenv => [], :ssl => 'true', + :ssl_verify_client => 'optional', :wsgi_daemon_process => { 'keystone_wsgi' => { 'user' => 'keystone',