software/slapos-master: allow disabling CRL check (fixup)

software/slapos-master/apache-backend.conf.in

@@ -168,7 +168,7 @@ Listen {{ ip }}:{{ port }}
   # Custom block we use for now different parameters.
   RequestHeader set Remote-User %{SSL_CLIENT_S_DN_CN}s
   SSLCACertificateFile {{ parameter_dict['shared-ca-cert'] }}
-{% if parameter_dict['shared-crl'] -%}
+{% if 'shared-crl' in parameter_dict -%}
   SSLCARevocationCheck chain
   SSLCARevocationPath {{ parameter_dict['shared-crl'] }}
 {% endif -%}

software/slapos-master/instance-balancer.cfg.in

@@ -4,7 +4,6 @@
 {% set ssl_parameter_dict = slapparameter_dict['ssl'] -%}
 {% set frontend_caucase_url_list = ssl_parameter_dict.get('frontend-caucase-url-list', []) -%}
 {% set shared_ca_path = slapparameter_dict.get('shared-certificate-authority-path') -%}
-{% set check_crl = slapparameter_dict.get('check-crl', True) -%}
 {#
 XXX: This template only supports exactly one IPv4 and (if ipv6 is used) one IPv6
 per partition. No more (undefined result), no less (IndexError).
@@ -175,7 +174,7 @@ crl = ${apache-conf-ssl:crl}
 
 {% if shared_ca_path -%}
 shared-ca-cert = {{ shared_ca_path }}/cacert.pem
-{% if check_crl -%}
+{% if slapparameter_dict.get('check-crl') -%}
 shared-crl = {{ shared_ca_path }}/crl
 {%- endif %}
 {%- endif %}

software/slapos-master/instance-erp5.cfg.in

@@ -448,6 +448,7 @@ config-monitor-passwd = ${monitor-htpasswd:passwd}
 config-ssl = {{ dumps(balancer_dict['ssl']) }}
 config-name = ${:name}
 config-shared-certificate-authority-path = ${directory:ca-dir}
+config-check-crl = {{ dumps(slapparameter_dict.get('check-crl', True)) }}
 config-backend-path-dict = {{ dumps(zope_backend_path_dict) }}
 config-ssl-authentication-dict = {{ dumps(ssl_authentication_dict) }}
 config-apachedex-promise-threshold = {{ dumps(monitor_dict.get('apachedex-promise-threshold', 70)) }}