From 0a4798d619c564346b0da5bdd02b04f60778ce46 Mon Sep 17 00:00:00 2001
From: Ossi Salmi <osalmi@iki.fi>
Date: Thu, 10 Dec 2015 13:45:38 +0200
Subject: [PATCH] apache: Make SSLProxyVerifyDepth configurable

---
 apache/manifests/init.pp           | 1 +
 apache/templates/sslproxy.conf.erb | 1 +
 2 files changed, 2 insertions(+)

diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index c790395..b831160 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -501,6 +501,7 @@ class apache::sslproxy(
   $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
   $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
   $ssl_ca="${::puppet_ssldir}/certs/ca.pem",
+  $ssl_verifydepth="1",
 ) {
 
   include ssl
diff --git a/apache/templates/sslproxy.conf.erb b/apache/templates/sslproxy.conf.erb
index 877ffd5..cbdc1b9 100644
--- a/apache/templates/sslproxy.conf.erb
+++ b/apache/templates/sslproxy.conf.erb
@@ -2,3 +2,4 @@ SSLProxyEngine on
 SSLProxyMachineCertificateFile <%= @ssl_bundle %>
 SSLProxyCACertificateFile <%= @ssl_ca %>
 SSLProxyVerify require
+SSLProxyVerifyDepth <%= @ssl_verifydepth %>