Merge pull request #1632 from Cicco0/add-missing-mailhost-ssl

kenyon · web-flow · commit 778eaa16db35 · 2025-07-07T12:47:48.000-07:00
Add ssl parameter to IPv6 listen directive
diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb
@@ -559,7 +559,7 @@
               title: 'should enable IPv6',
               attr: 'ipv6_enable',
               value: true,
-              match: '  listen                [::]:587 default ipv6only=on;'
+              match: '  listen                [::]:587 ssl default ipv6only=on;'
             },
             {
               title: 'should not enable IPv6',
@@ -571,19 +571,19 @@
               title: 'should set the IPv6 listen IP',
               attr: 'ipv6_listen_ip',
               value: '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
-              match: '  listen                [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 default ipv6only=on;'
+              match: '  listen                [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:587 ssl default ipv6only=on;'
             },
             {
               title: 'should set the IPv6 ssl port',
               attr: 'ssl_port',
               value: 45,
-              match: '  listen                [::]:45 default ipv6only=on;'
+              match: '  listen                [::]:45 ssl default ipv6only=on;'
             },
             {
               title: 'should set the IPv6 listen options',
               attr: 'ipv6_listen_options',
               value: 'spdy',
-              match: '  listen                [::]:587 spdy;'
+              match: '  listen                [::]:587 ssl spdy;'
             },
             {
               title: 'should set servername(s)',
@@ -695,6 +695,11 @@
                 content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
                 expect(content).to include('listen                *:587 ssl;')
               end
+
+              it 'contains `ssl` in the listen directive for ipv6' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('listen                [::]:587 ssl default ipv6only=on;')
+              end
             end
 
             context 'when version comes from parameter' do
@@ -704,6 +709,11 @@
                 content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
                 expect(content).to include('listen                *:587 ssl;')
               end
+
+              it 'contains `ssl` in the listen directive for ipv6' do
+                content = catalogue.resource('concat::fragment', "#{title}-ssl").send(:parameters)[:content]
+                expect(content).to include('listen                [::]:587 ssl default ipv6only=on;')
+              end
             end
 
             context 'mail proxy parameters' do
diff --git a/templates/mailhost/mailhost_ssl.epp b/templates/mailhost/mailhost_ssl.epp
@@ -17,7 +17,7 @@ server {
   listen                <%= $ip %>:<%= $ssl_port %> ssl;
 <%- } -%>
 <%- $ipv6_listen_ip.each |$ipv6| { -%>
-  listen                [<%= $ipv6 %>]:<%= $ssl_port %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
+  listen                [<%= $ipv6 %>]:<%= $ssl_port %><% if versioncmp($nginx_version, '1.15.0') >= 0 { %> ssl<% } %> <% if $ipv6_listen_options { %><%= $ipv6_listen_options %><% } %>;
 <%- } -%>
 <%= $mailhost_common -%>
 
