Adding test support for the other mongrel configuration header

git-svn-id: https://reductivelabs.com/svn/puppet/trunk@2752 980ebf18-57e1-0310-9a29-db15c13687c0

2 files changed, 5 insertions, 1 deletions

diff --git a/lib/puppet/configuration.rb b/lib/puppet/configuration.rb
index 79ada647b..65e0d9fa8 100644
--- a/lib/puppet/configuration.rb
+++ b/lib/puppet/configuration.rb
@@ -313,6 +313,10 @@ module Puppet
         :ssl_client_header => ["HTTP_X_CLIENT_DN", "The header containing an authenticated
             client's SSL DN.  Only used with Mongrel.  This header must be set by the proxy
             to the authenticated client's SSL DN (e.g., ``/CN=puppet.reductivelabs.com``).
+            See the `UsingMongrel`:trac: wiki page for more information."],
+        :ssl_client_verify_header => ["HTTP_X_CLIENT_VERIFY", "The header containing the status
+            message of the client verification. Only used with Mongrel.  This header must be set by the proxy
+            to 'SUCCESS' if the client successfully authenticated, and anything else otherwise.
             See the `UsingMongrel`:trac: wiki page for more information."]
     )
 
diff --git a/lib/puppet/network/server/mongrel.rb b/lib/puppet/network/server/mongrel.rb
index 37a10d348..5bce40756 100644
--- a/lib/puppet/network/server/mongrel.rb
+++ b/lib/puppet/network/server/mongrel.rb
@@ -118,7 +118,7 @@ module Puppet::Network
             ip = params["REMOTE_ADDR"]
             if dn = params[Puppet[:ssl_client_header]] and dn.include?("/CN=")
                 client = dn.sub("/CN=", '')
-                valid = (params["HTTP_X_CLIENT_VERIFY"] == 'SUCCESS')
+                valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS')
             else
                 client = Resolv.getname(ip)
                 valid = false