Merge pull request #2284 from SwartzCr/centos_sslcompression

make different options ssl conf for centos

letsencrypt-apache/letsencrypt_apache/centos-options-ssl-apache.conf

@@ -0,0 +1,21 @@
+# Baseline setting to Include for SSL sites
+
+SSLEngine on
+
+# Intermediate configuration, tweak to your needs
+SSLProtocol             all -SSLv2 -SSLv3
+SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+SSLHonorCipherOrder     on
+
+SSLOptions +StrictRequire
+
+# Add vhost name to log entries:
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
+LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
+
+#CustomLog /var/log/apache2/access.log vhost_combined
+#LogLevel warn
+#ErrorLog /var/log/apache2/error.log
+
+# Always ensure Cookies have "Secure" set (JAH 2012/1)
+#Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"

letsencrypt-apache/letsencrypt_apache/configurator.py

@@ -1593,4 +1593,4 @@ def install_ssl_options_conf(options_ssl):
 
     # Check to make sure options-ssl.conf is installed
     if not os.path.isfile(options_ssl):
-        shutil.copyfile(constants.MOD_SSL_CONF_SRC, options_ssl)
+        shutil.copyfile(constants.os_constant("MOD_SSL_CONF_SRC"), options_ssl)

letsencrypt-apache/letsencrypt_apache/constants.py

@@ -16,7 +16,9 @@ CLI_DEFAULTS_DEBIAN = dict(
     le_vhost_ext="-le-ssl.conf",
     handle_mods=True,
     handle_sites=True,
-    challenge_location="/etc/apache2"
+    challenge_location="/etc/apache2",
+    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+    "letsencrypt_apache", "options-ssl-apache.conf")
 )
 CLI_DEFAULTS_CENTOS = dict(
     server_root="/etc/httpd",
@@ -31,7 +33,9 @@ CLI_DEFAULTS_CENTOS = dict(
     le_vhost_ext="-le-ssl.conf",
     handle_mods=False,
     handle_sites=False,
-    challenge_location="/etc/httpd/conf.d"
+    challenge_location="/etc/httpd/conf.d",
+    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+    "letsencrypt_apache", "centos-options-ssl-apache.conf")
 )
 CLI_DEFAULTS_GENTOO = dict(
     server_root="/etc/apache2",
@@ -46,7 +50,9 @@ CLI_DEFAULTS_GENTOO = dict(
     le_vhost_ext="-le-ssl.conf",
     handle_mods=False,
     handle_sites=False,
-    challenge_location="/etc/apache2/vhosts.d"
+    challenge_location="/etc/apache2/vhosts.d",
+    MOD_SSL_CONF_SRC=pkg_resources.resource_filename(
+    "letsencrypt_apache", "options-ssl-apache.conf")
 )
 CLI_DEFAULTS = {
     "debian": CLI_DEFAULTS_DEBIAN,
@@ -62,11 +68,6 @@ CLI_DEFAULTS = {
 MOD_SSL_CONF_DEST = "options-ssl-apache.conf"
 """Name of the mod_ssl config file as saved in `IConfig.config_dir`."""
 
-MOD_SSL_CONF_SRC = pkg_resources.resource_filename(
-    "letsencrypt_apache", "options-ssl-apache.conf")
-"""Path to the Apache mod_ssl config file found in the Let's Encrypt
-distribution."""
-
 AUGEAS_LENS_DIR = pkg_resources.resource_filename(
     "letsencrypt_apache", "augeas_lens")
 """Path to the Augeas lens directory"""

letsencrypt-apache/letsencrypt_apache/tests/util.py

@@ -33,7 +33,7 @@ class ApacheTest(unittest.TestCase):  # pylint: disable=too-few-public-methods
             pkg="letsencrypt_apache.tests")
 
         self.ssl_options = common.setup_ssl_options(
-            self.config_dir, constants.MOD_SSL_CONF_SRC,
+            self.config_dir, constants.os_constant("MOD_SSL_CONF_SRC"),
             constants.MOD_SSL_CONF_DEST)
 
         self.config_path = os.path.join(self.temp_dir, config_root)