--- /dev/null
+class apache::mod::ssl (
+ $ssl_compression = false,
+ $ssl_cryptodevice = 'builtin',
+ $ssl_options = [ 'StdEnvVars' ],
+ $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
+ $ssl_honorcipherorder = 'On',
+ $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
+ $ssl_pass_phrase_dialog = 'builtin',
+ $ssl_random_seed_bytes = '512',
+ $ssl_sessioncachetimeout = '300',
+ $apache_version = $::apache::apache_version,
+ $package_name = undef,
+) {
+ $session_cache = $::osfamily ? {
+ 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
+ 'redhat' => '/var/cache/mod_ssl/scache(512000)',
+ 'freebsd' => '/var/run/ssl_scache(512000)',
+ 'gentoo' => '/var/run/ssl_scache(512000)',
+ }
+
+ case $::osfamily {
+ 'debian': {
+ if versioncmp($apache_version, '2.4') >= 0 {
+ $ssl_mutex = 'default'
+ } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
+ $ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
+ } else {
+ $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
+ }
+ }
+ 'redhat': {
+ $ssl_mutex = 'default'
+ }
+ 'freebsd': {
+ $ssl_mutex = 'default'
+ }
+ 'gentoo': {
+ $ssl_mutex = 'default'
+ }
+ default: {
+ fail("Unsupported osfamily ${::osfamily}")
+ }
+ }
+
+ ::apache::mod { 'ssl':
+ package => $package_name,
+ }
+
+ if versioncmp($apache_version, '2.4') >= 0 {
+ ::apache::mod { 'socache_shmcb': }
+ }
+
+ # Template uses
+ #
+ # $ssl_compression
+ # $ssl_cryptodevice
+ # $ssl_cipher
+ # $ssl_honorcipherorder
+ # $ssl_options
+ # $session_cache
+ # $ssl_mutex
+ # $ssl_random_seed_bytes
+ # $ssl_sessioncachetimeout
+ # $apache_version
+ #
+ file { 'ssl.conf':
+ ensure => file,
+ path => "${::apache::mod_dir}/ssl.conf",
+ content => template('apache/mod/ssl.conf.erb'),
+ require => Exec["mkdir ${::apache::mod_dir}"],
+ before => File[$::apache::mod_dir],
+ notify => Class['apache::service'],
+ }
+}