broadinstitute · rcalixte · May 18, 2018 · May 18, 2018
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## Release 2.2.0 (May 18, 2018)
+
+### Summary
+* Switching the `validate_x509` parameter to default to false until it is fully working as intended
+* Adding usage info for `validate_x509` to the README
+
 ## Release 2.1.1 (May 16, 2018)
 
 ### Summary
@@ -12,7 +18,7 @@
 
 ### Summary
 * Updating puppetlabs-stdlib dependency to minimum 4.12.0
-* Drop support for Puppet 3.x
+* Drop support for Puppet 3.x (Thanks to Jo Rhett)
 
 ## Release 1.2.1 (August 2, 2017)
 

diff --git a/README.md b/README.md
@@ -371,6 +371,12 @@ The location of the certificate files. Typically references a module's files.
 
 e.g. *'puppet:///site_certs'* will search for the mount point defined in `fileserver.conf` on the Puppet Server for the specified files.
 
+##### `validate_x509`
+A boolean value to determine whether or not to validate the certificate and key pairs.
+Failure will cause the catalog to fail compilation.
+
+Optional value. **Default: false**.
+
 ## Limitations
 
 This module is CI tested against [open source Puppet](https://docs.puppetlabs.com/puppet) on:

diff --git a/data/common.yaml b/data/common.yaml
@@ -8,4 +8,4 @@ certs::key_dir_mode: '0755'
 certs::key_ext: '.key'
 certs::key_mode: '0600'
 certs::owner: 'root'
-certs::validate_x509: true
+certs::validate_x509: false
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -114,8 +114,8 @@
 #
 # [*validate_x509*]
 # A boolean value to determine whether or not to validate the certificate and key pairs.
-# Failure will cause the service not to restart.
-# Optional value. Default: true.
+# Failure will cause the catalog to fail compilation.
+# Optional value. Default: false.
 #
 class certs(
   Stdlib::Absolutepath $cert_path,
@@ -135,7 +135,7 @@
   String $chain_ext                = lookup('certs::cert_ext'),
   Stdlib::Absolutepath $chain_path = lookup('certs::cert_path'),
   Boolean $supported_os            = false,
-  Boolean $validate_x509           = true,
+  Boolean $validate_x509           = false,
   Hash $sites                      = {}
 ) {
   unless $supported_os {

diff --git a/manifests/site.pp b/manifests/site.pp
@@ -172,8 +172,8 @@
 #
 # [*validate_x509*]
 # A boolean value to determine whether or not to validate the certificate and key pairs.
-# Failure will cause the service not to restart.
-# Optional value. Default: true.
+# Failure will cause the catalog to fail compilation.
+# Optional value. Default: false.
 #
 # === Examples
 #

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "broadinstitute-certs",
-  "version": "2.1.1",
+  "version": "2.2.0",
   "author": "Riccardo Calixte <rcalixte@broadinstitute.org>",
   "description": "Module for SSL certificate configuration",
   "summary": "Configures and manages SSL certificate deployments, restarting services as configured.",
@@ -40,8 +40,8 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "7",
-        "8"
+        "8",
+        "9"
       ]
     },
     {