From ebdc05976fa359c30fe6b5e6ab20a43414392d8e Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Mon, 19 Oct 2015 19:51:14 +0000
Subject: [PATCH] Enable SNI on Ubuntu 12.04 LTS
Enable Server Name Indication (SNI) on Ubuntu 12.04 LTS which runs Apache 2.2. This allows running multiple HTTPS sites from one IP address/TCP port when SubjectAltNames are specified in the certificate, but MSIE on WinXP does not support this extension and so will cease working for HTTPS sites managed by this module. Note that this behavior is already implicit on Apache 2.4 based platforms (such as Ubuntu 14.04 LTS).
Change-Id: I05c8e335f68d9461d8d81a3d12343d1920a738d4
---
 files/sni | 4 ++++
 manifests/ssl.pp | 10 ++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 files/sni
diff --git a/files/sni b/files/sni
new file mode 100644
index 0000000..67da4c3
--- /dev/null
+++ b/files/sni
@@ -0,0 +1,4 @@
+# Enable SNI for HTTPS (this breaks HTTPS sites for MSIE on WinXP)
+
+ NameVirtualHost *:443
+
diff --git a/manifests/ssl.pp b/manifests/ssl.pp
index 2e1569a..1a0d607 100644
--- a/manifests/ssl.pp
+++ b/manifests/ssl.pp
@@ -31,4 +31,14 @@ class httpd::ssl {
 fail( "${::operatingsystem} not defined in httpd::ssl.")
 }
 }
+
+ if $::lsbdistcodename == 'precise' {
+ # Unconditionally enable SNI on Ubuntu 12.04 (it's on by default in 14.04)
+ file { '/etc/apache2/conf.d/sni':
+ ensure => present,
+ source => 'puppet:///modules/httpd/sni',
+ notify => Service['httpd'],
+ require => Package['httpd'],
+ }
+ }
 }
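Review bot: The comment in files/sni records that non-SNI clients break, but not what such a client actually receives. With `NameVirtualHost *:443` on Apache 2.2, a client that sends no SNI is by default answered by the first vhost defined for that address, so it gets that site's certificate and content rather than a clean refusal. If that fallback is not intended, add `SSLStrictSNIVHostCheck on` alongside the directive, or name the default vhost in the comment. The two bare `+` lines around the directive may be markup lost when the page was extracted, so the exact placement is left to the author.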
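Review bot: The `file` resource for `/etc/apache2/conf.d/sni` sets no `owner`, `group` or `mode`, so the permissions of this Apache config file depend on Puppet defaults and on the mode of the source file in the module. Pin them explicitly, e.g. `owner => 'root',` `group => 'root',` `mode => '0444',`, so the file cannot end up writable by a non-root account. `Service['httpd']` and `Package['httpd']` are declared outside this hunk, and the body of `httpd::ssl` begins above it, so those references could not be checked here. There is also no cleanup path for a host later upgraded off precise; a short comment saying the file is then harmless or must be removed would help.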