Applying a modification of the patch from Marcin Owsiany, allowing Mongrel to be a CA

git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2727 980ebf18-57e1-0310-9a29-db15c13687c0

2 files changed, 6 insertions, 1 deletions

diff --git a/CHANGELOG b/CHANGELOG
index f67b78d5f..834a1e44c 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,8 @@
+    Added an extra check to the Mongrel support so that
+    Apache can be used with optional cert checking, instead
+    of mandatory, thus allowing Mongrel to function as the CA.
+    This is thanks to work done by Marcin Owsiany.
+
     You can now specify relationships to classes, which work
     exactly like relationships to defined types:
         require => Class[myclass]
diff --git a/lib/puppet/network/server/mongrel.rb b/lib/puppet/network/server/mongrel.rb
index 1f1c2a448..9d3388e5d 100644
--- a/lib/puppet/network/server/mongrel.rb
+++ b/lib/puppet/network/server/mongrel.rb
@@ -118,7 +118,7 @@ module Puppet::Network
             ip = params["REMOTE_ADDR"]
             if dn = params[Puppet[:ssl_client_header]]
                 client = dn.sub("/CN=", '')
-                valid = true
+                valid = (params["HTTP_X_CLIENT_VERIFY"] == 'SUCCESS')
             else
                 client = Resolv.getname(ip)
                 valid = false