pagure: Fix stunnel config so it validates for ssl by using the intermediate cert with a bundle.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/pagure/frontend/tasks/main.yml

@@ -153,6 +153,22 @@
   - stunnel
   - config
 
+- name: make a bundle file of the cert and intermediate for stunnel
+  shell: cat /etc/pki/tls/certs/pagure.io.cert /etc/pki/tls/certs/pagure.io.intermediate.cert > /etc/pki/tls/certs/pagure.io.bundle.cert creates=/etc/pki/tls/certs/pagure.io.bundle.cert
+  tags:
+  - pagure
+  - stunnel
+  - config
+  when: env != 'pagure-staging'
+
+- name: make a bundle file of the cert and intermediate for stunnel (stg)
+  shell: cat /etc/pki/tls/certs/stg.pagure.io.cert /etc/pki/tls/certs/stg.pagure.io.intermediate.cert > /etc/pki/tls/certs/stg.pagure.io.bundle.cert creates=/etc/pki/tls/certs/stg.pagure.io.bundle.cert
+  tags:
+  - pagure
+  - stunnel
+  - config
+  when: env == 'pagure-staging'
+
 - name: install stunnel.conf
   template: src={{ item.file }}
             dest={{ item.dest }}

roles/pagure/frontend/templates/stunnel-conf.j2

@@ -1,5 +1,10 @@
-cert = /etc/pki/tls/certs/pagure.io.cert
+{% if env == 'pagure-staging' %}
+cert = /etc/pki/tls/certs/stg.pagure.io.bundle.cert
 key = /etc/pki/tls/certs/pagure.io.key
+{% else %}
+cert = /etc/pki/tls/certs/pagure.io.bundle.cert
+key = /etc/pki/tls/certs/pagure.io.key
+{% endif %}
 pid = /var/run/stunnel.pid
 
 [{{ stunnel_service }}]