diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/puppet/configuration.rb | 4 | ||||
| -rw-r--r-- | lib/puppet/network/server/mongrel.rb | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/lib/puppet/configuration.rb b/lib/puppet/configuration.rb index 79ada647b..65e0d9fa8 100644 --- a/lib/puppet/configuration.rb +++ b/lib/puppet/configuration.rb @@ -313,6 +313,10 @@ module Puppet :ssl_client_header => ["HTTP_X_CLIENT_DN", "The header containing an authenticated client's SSL DN. Only used with Mongrel. This header must be set by the proxy to the authenticated client's SSL DN (e.g., ``/CN=puppet.reductivelabs.com``). + See the `UsingMongrel`:trac: wiki page for more information."], + :ssl_client_verify_header => ["HTTP_X_CLIENT_VERIFY", "The header containing the status + message of the client verification. Only used with Mongrel. This header must be set by the proxy + to 'SUCCESS' if the client successfully authenticated, and anything else otherwise. See the `UsingMongrel`:trac: wiki page for more information."] ) diff --git a/lib/puppet/network/server/mongrel.rb b/lib/puppet/network/server/mongrel.rb index 37a10d348..5bce40756 100644 --- a/lib/puppet/network/server/mongrel.rb +++ b/lib/puppet/network/server/mongrel.rb @@ -118,7 +118,7 @@ module Puppet::Network ip = params["REMOTE_ADDR"] if dn = params[Puppet[:ssl_client_header]] and dn.include?("/CN=") client = dn.sub("/CN=", '') - valid = (params["HTTP_X_CLIENT_VERIFY"] == 'SUCCESS') + valid = (params[Puppet[:ssl_client_verify_header]] == 'SUCCESS') else client = Resolv.getname(ip) valid = false |