pagure: Fix stunnel config so it validates for ssl by using the intermediate cert with a bundle.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
Kevin Fenzi 2019-09-20 20:19:49 +00:00 committed by Pierre-Yves Chibon
parent 990f66391b
commit 92c3e16b55
2 changed files with 22 additions and 1 deletions


@ -153,6 +153,22 @@
- stunnel
- config
- name: make a bundle file of the cert and intermediate for stunnel
shell: cat /etc/pki/tls/certs/pagure.io.cert /etc/pki/tls/certs/pagure.io.intermediate.cert > /etc/pki/tls/certs/pagure.io.bundle.cert creates=/etc/pki/tls/certs/pagure.io.bundle.cert
tags:
- pagure
- stunnel
- config
when: env != 'pagure-staging'
- name: make a bundle file of the cert and intermediate for stunnel (stg)
shell: cat /etc/pki/tls/certs/stg.pagure.io.cert /etc/pki/tls/certs/stg.pagure.io.intermediate.cert > /etc/pki/tls/certs/stg.pagure.io.bundle.cert creates=/etc/pki/tls/certs/stg.pagure.io.bundle.cert
tags:
- pagure
- stunnel
- config
when: env == 'pagure-staging'
- name: install stunnel.conf
template: src={{ item.file }}
dest={{ item.dest }}
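Review bot: Both bundle tasks guard the `cat … > bundle` with `creates=`, so the bundle is written once and never rebuilt. After a certificate or intermediate renewal stunnel would keep serving the old chain, and if `cat` fails part-way (for example the intermediate is missing) the redirect has already created the file, so later runs skip the task and leave a bundle without the intermediate. Consider dropping `creates=` and running the concatenation from the tasks that install the two certs (not visible in this hunk), notifying a handler that restarts stunnel. The two tasks differ only in the `stg.` prefix and could be one task driven by a variable.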


@ -1,5 +1,10 @@
cert = /etc/pki/tls/certs/pagure.io.cert
{% if env == 'pagure-staging' %}
cert = /etc/pki/tls/certs/stg.pagure.io.bundle.cert
key = /etc/pki/tls/certs/pagure.io.key
{% else %}
cert = /etc/pki/tls/certs/pagure.io.bundle.cert
key = /etc/pki/tls/certs/pagure.io.key
{% endif %}
pid = /var/run/stunnel.pid
[{{ stunnel_service }}]
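Review bot: The staging branch pairs `cert = /etc/pki/tls/certs/stg.pagure.io.bundle.cert` with `key = /etc/pki/tls/certs/pagure.io.key`, the same key path as production. If the staging private key is deployed under a stg-prefixed name (the key install task is not visible here), stunnel will fail on a key/certificate mismatch; if the file name really is shared, `key` could sit outside the `{% if %}` with a comment saying so, leaving only `cert` conditional. Separately, the private key sits under `/etc/pki/tls/certs/`, which is normally world-readable, so it is worth confirming the key file's mode is restrictive or moving it to `/etc/pki/tls/private/`.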