From 2427d4eb9a8ec26b9649fd80247595769674bd4a Mon Sep 17 00:00:00 2001
From: Lukasz Nowak <luke@nexedi.com>
Date: Wed, 21 Nov 2018 13:03:51 +0100
Subject: [PATCH] caddy-frontend: ssl_ca_crt requires ssl_crt and ssl_key

---
 software/caddy-frontend/buildout.hash.cfg                | 2 +-
 software/caddy-frontend/instance-apache-replicate.cfg.in | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/software/caddy-frontend/buildout.hash.cfg b/software/caddy-frontend/buildout.hash.cfg
index 669713e17..e25f463de 100644
--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -26,7 +26,7 @@ md5sum = ab1795f92e32655d05c662c965d2b1f5
 
 [template-apache-replicate]
 filename = instance-apache-replicate.cfg.in
-md5sum = 44d50bf8391b5a73b2ab72923efe6437
+md5sum = 6a86edb96b171fbd0a59d0adc9cc906b
 
 [template-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
diff --git a/software/caddy-frontend/instance-apache-replicate.cfg.in b/software/caddy-frontend/instance-apache-replicate.cfg.in
index 3f05435cf..040449fad 100644
--- a/software/caddy-frontend/instance-apache-replicate.cfg.in
+++ b/software/caddy-frontend/instance-apache-replicate.cfg.in
@@ -122,6 +122,9 @@ context =
 {%       do slave_error_list.append('slave https-url %r invalid' % (slave['https-url'],)) %}
 {%     endif %}
 {%   endif %}
+{%   if slave.get('ssl_ca_crt') and not (slave.get('ssl_crt') and slave.get('ssl_key')) %}
+{%     do slave_error_list.append('ssl_ca_crt is present, so ssl_crt and ssl_key are required')  %}
+{%   endif %}
 {%   if slave.get('ssl_key') and slave.get('ssl_crt') %}
 {%     set key_popen = popen([openssl, 'rsa', '-noout', '-modulus']) %}
 {%     set crt_popen = popen([openssl, 'x509', '-noout', '-modulus']) %}
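Review bot: A slave that supplies only one of `ssl_crt` / `ssl_key` and no `ssl_ca_crt` is still accepted after this change. The added guard fires only when `ssl_ca_crt` is set, and the following `if slave.get('ssl_key') and slave.get('ssl_crt')` block is skipped when either value is missing. Unless that case is rejected outside the hunk, the incomplete key material is dropped silently and the slave presumably ends up served with a certificate the requester did not intend. Consider a sibling check, `{%   if (slave.get('ssl_crt') or slave.get('ssl_key')) and not (slave.get('ssl_crt') and slave.get('ssl_key')) %}`, followed by `{%     do slave_error_list.append('ssl_crt and ssl_key must be provided together') %}` and a closing `{%   endif %}`. The enclosing per-slave block starts and ends outside the hunk.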
-- 
2.30.9