From 308cb7b9da59e7ee3cecbd831af0e2636ef68f38 Mon Sep 17 00:00:00 2001
From: Ossi Salmi <osalmi@iki.fi>
Date: Wed, 30 Mar 2011 12:52:09 +0300
Subject: [PATCH] Added DH parameter generation to ssl module

---
 ssl/manifests/init.pp | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/ssl/manifests/init.pp b/ssl/manifests/init.pp
index a9b7968..a419020 100644
--- a/ssl/manifests/init.pp
+++ b/ssl/manifests/init.pp
@@ -49,3 +49,23 @@ define ssl::certificate($cn, $keyout="", $days="3650", $keysize="2048", $subject
     }
 
 }
+
+
+# Create DH parameters.
+#
+# === Parameters:
+#
+#   $name:
+#       Output file.
+#   $keysize:
+#       Key size. Defaults to 1024.
+#
+define ssl::dhparam($keysize="1024") {
+
+    exec { "openssl-dhparam-${name}":
+        path    => "/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin",
+        command => "/bin/sh -c 'umask 077 ; openssl dhparam -out ${name} ${keysize}'",
+        creates => "${name}",
+    }
+
+}