allow vhost parameter ssl_honorcipherorder to take a boolean as well as on/off (fixes MODULES-11068)

davidc · davidc · commit 35a3e3e7b69a · 2021-05-13T22:52:00.000+01:00
diff --git a/manifests/vhost.pp b/manifests/vhost.pp
@@ -1765,7 +1765,7 @@
   $ssl_certs_dir                                                                    = $apache::params::ssl_certs_dir,
   $ssl_protocol                                                                     = undef,
   $ssl_cipher                                                                       = undef,
-  $ssl_honorcipherorder                                                             = undef,
+  Variant[Boolean, Enum['on', 'On', 'off', 'Off'], Undef] $ssl_honorcipherorder     = undef,
   Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_verify_client = undef,
   $ssl_verify_depth                                                                 = undef,
   Optional[Enum['none', 'optional', 'require', 'optional_no_ca']] $ssl_proxy_verify = undef,
@@ -2029,6 +2029,18 @@
     include apache::mod::mime
   }
 
+  if $ssl_honorcipherorder =~ Boolean or $ssl_honorcipherorder == undef {
+    $_ssl_honorcipherorder = $ssl_honorcipherorder
+  } else {
+    $_ssl_honorcipherorder = $ssl_honorcipherorder ? {
+      'on'    => true,
+      'On'    => true,
+      'off'   => false,
+      'Off'   => false,
+      default => true,
+    }
+  }
+
   if $auth_kerb and $ensure == 'present' {
     include apache::mod::auth_kerb
   }
@@ -2680,7 +2692,7 @@
   # - $ssl_crl_check
   # - $ssl_protocol
   # - $ssl_cipher
-  # - $ssl_honorcipherorder
+  # - $_ssl_honorcipherorder
   # - $ssl_verify_client
   # - $ssl_verify_depth
   # - $ssl_options
diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb
@@ -15,8 +15,8 @@
   <%- if @ssl_cipher -%>
   SSLCipherSuite          <%= @ssl_cipher %>
   <%- end -%>
-  <%- if @ssl_honorcipherorder -%>
-  SSLHonorCipherOrder     <%= @ssl_honorcipherorder %>
+  <%- if not @ssl_honorcipherorder.nil? -%>
+  SSLHonorCipherOrder     <%= scope.call_function('apache::bool2httpd', [@_ssl_honorcipherorder]) %>
   <%- end -%>
   <%- if @ssl_verify_client -%>
   SSLVerifyClient         <%= @ssl_verify_client %>
