HomePhorge
Diffusion puppet b02af7e05d9b

(PUP-2533) Apache 2.4 requires explicit CRL configuration
b02af7e05d9bUnpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

(PUP-2533) Apache 2.4 requires explicit CRL configuration

In Apache 2.2, if either the SSLCARevocationFile or SSLCARevocationPath
directives were specified then the specified file(s) would be checked
when establishing an SSL connection. Apache 2.4+ the
SSLCARevocationCheck directive was added to control how CRLs were
checked when verifying a connection and had a default value of none.
This means that Apache defaults to ignoring CRLs even if paths are
specified to CRL files.

This commit updates the debian postinst script for the
puppetmaster-passenger package to set SSLCARevocationCheck directive to
'chain' when Apache 2.4 is installed. This ensures that the the
puppetmaster-passenger vhost respects CRL files in the same way that
Apache 2.2 does by default.
Apache 2.2

Details

Provenance
Adrien Thebo <git@somethingsinistral.net>Authored on
Melissa Stone <melissa@puppetlabs.com>Committed on May 27 2014, 8:22 PM
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPU1d1e1eac451f: (PUP-2478) Remove current directory from Ruby load path.
Branches
Unknown
Tags
Unknown

Event Timeline

Melissa Stone <melissa@puppetlabs.com> committed rPUb02af7e05d9b: (PUP-2533) Apache 2.4 requires explicit CRL configuration (authored by Adrien Thebo <git@somethingsinistral.net>).May 27 2014, 8:22 PM

Changes (2)

PathSize
ext/
debian/
rack/

rPUb02af7e05d9b

View Options

ext/debian/puppetmaster-passenger.postinst

Loading...
View Options

ext/rack/example-passenger-vhost.conf

Loading...