(PUP-2533) Apache 2.4 requires explicit CRL configuration
In Apache 2.2, if either the SSLCARevocationFile or SSLCARevocationPath
directives were specified then the specified file(s) would be checked
when establishing an SSL connection. Apache 2.4+ the
SSLCARevocationCheck directive was added to control how CRLs were
checked when verifying a connection and had a default value of none.
This means that Apache defaults to ignoring CRLs even if paths are
specified to CRL files.
This commit updates the debian postinst script for the
puppetmaster-passenger package to set SSLCARevocationCheck directive to
'chain' when Apache 2.4 is installed. This ensures that the the
puppetmaster-passenger vhost respects CRL files in the same way that
Apache 2.2 does by default.
Apache 2.2