Merge pull request #2093 from aspectcapital/ssl-parameters

Add ssl_user_name vhost parameter

Author: sanfrancrisko

manifests/vhost.pp

@@ -1676,6 +1676,9 @@
 #   Can be used to set the [SSLStaplingReturnResponderErrors](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslstaplingreturnrespondererrors) directive.<br />
 #   This parameter only applies to Apache 2.4 or higher and is ignored on older versions.
 #
+# @param ssl_user_name
+#   Sets the [SSLUserName](https://httpd.apache.org/docs/current/mod/mod_ssl.html#sslusername) directive.
+#
 # @param use_canonical_name
 #   Specifies whether to use the [`UseCanonicalName directive`](https://httpd.apache.org/docs/2.4/mod/core.html#usecanonicalname),
 #   which allows you to configure how the server determines it's own name and port.
@@ -1774,6 +1777,7 @@
   Optional[Boolean] $ssl_stapling                                                   = undef,
   $ssl_stapling_timeout                                                             = undef,
   $ssl_stapling_return_errors                                                       = undef,
+  Optional[String] $ssl_user_name                                                   = undef,
   $priority                                                                         = undef,
   Boolean $default_vhost                                                            = false,
   $servername                                                                       = $name,

spec/acceptance/vhost_spec.rb

@@ -769,10 +769,11 @@ class { 'apache': }
         priority => false,
         docroot => '/tmp'
       }
-      apache::vhost { 'test.ssl_protool':
-        docroot      => '/tmp',
-        ssl          => true,
-        ssl_protocol => ['All', '-SSLv2'],
+      apache::vhost { 'test.ssl_protocol':
+        docroot       => '/tmp',
+        ssl           => true,
+        ssl_protocol  => ['All', '-SSLv2'],
+        ssl_user_name => 'SSL_CLIENT_S_DN_CN',
       }
       apache::vhost { 'test.block':
         docroot  => '/tmp',
@@ -873,9 +874,10 @@ class { 'apache': }
     describe file("#{apache_hash['vhost_dir']}/test.without_priority_prefix.conf") do
       it { is_expected.to be_file }
     end
-    describe file("#{apache_hash['vhost_dir']}/25-test.ssl_protool.conf") do
+    describe file("#{apache_hash['vhost_dir']}/25-test.ssl_protocol.conf") do
       it { is_expected.to be_file }
       it { is_expected.to contain 'SSLProtocol  *All -SSLv2' }
+      it { is_expected.to contain 'SSLUserName  *SSL_CLIENT_S_DN_CN' }
     end
     describe file("#{apache_hash['vhost_dir']}/25-test.block.conf") do
       it { is_expected.to be_file }

spec/defines/vhost_spec.rb

@@ -85,6 +85,7 @@
               'ssl_proxyengine'             => true,
               'ssl_proxy_cipher_suite'      => 'HIGH',
               'ssl_proxy_protocol'          => 'TLSv1.2',
+              'ssl_user_name'               => 'SSL_CLIENT_S_DN_CN',
               'priority'                    => '30',
               'default_vhost'               => true,
               'servername'                  => 'example.com',
@@ -1045,6 +1046,11 @@
               content: %r{^\s+SSLOpenSSLConfCmd\s+DHParameters "foo.pem"$},
             )
           }
+          it {
+            is_expected.to contain_concat__fragment('rspec.example.com-ssl').with(
+              content: %r{^\s+SSLUserName\s+SSL_CLIENT_S_DN_CN$},
+            )
+          }
           it { is_expected.to contain_concat__fragment('rspec.example.com-sslproxy') }
           it {
             is_expected.to contain_concat__fragment('rspec.example.com-sslproxy').with(

templates/vhost/_ssl.erb

@@ -54,4 +54,7 @@
   <%- if (not @ssl_stapling_return_errors.nil?) && (scope.function_versioncmp([@apache_version, '2.4']) >= 0) -%>
   SSLStaplingReturnResponderErrors <%= scope.call_function('apache::bool2httpd', [@ssl_stapling_return_errors]) %>
   <%- end -%>
+  <%- if @ssl_user_name -%>
+  SSLUserName             <%= @ssl_user_name %>
+  <%- end -%>
 <% end -%>