From d49c5681d5da614ccc27ff96e91e9aa2bcee20c1 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 28 Feb 2014 18:10:37 +0000
Subject: [PATCH] Produce a -chained file for our certs

---
 modules/ssl/manifests/service.pp  | 4 ++++
 modules/ssl/templates/chained.erb | 7 +++++++
 2 files changed, 11 insertions(+)
 create mode 100644 modules/ssl/templates/chained.erb

diff --git a/modules/ssl/manifests/service.pp b/modules/ssl/manifests/service.pp
index f0400525..5c2509af 100644
--- a/modules/ssl/manifests/service.pp
+++ b/modules/ssl/manifests/service.pp
@@ -14,6 +14,10 @@ define ssl::service($ensure = present, $tlsaport = 443, $notify = []) {
 		notify => [ Exec['refresh_debian_hashes'], $notify ],
 		links  => follow,
 	}
+	file { "/etc/ssl/debian/certs/$name.crt-chained":
+		content => template('ssl/chained.erb'),
+		notify => [ Exec['refresh_debian_hashes'], $notify ],
+	}
 
 	if $tlsaport > 0 {
 		dnsextras::tlsa_record{ "tlsa-${name}-${tlsaport}":
diff --git a/modules/ssl/templates/chained.erb b/modules/ssl/templates/chained.erb
new file mode 100644
index 00000000..1ae6581d
--- /dev/null
+++ b/modules/ssl/templates/chained.erb
@@ -0,0 +1,7 @@
+<%=
+    File.read("/etc/puppet/modules/ssl/files/servicecerts/#{name}.crt")
+%>
+<%=
+    fn = "/etc/puppet/modules/ssl/files/chains/#{name}.crt"
+    File.exist?(fn) ? File.read(fn) : ''
+%>
-- 
2.39.2