  1. Puppet
  2. PUP-10144

Add SSLProvider#create_system_context method


    Details

    • Type: Task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.12.0
    • Component/s: None
    • Labels:
      None
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Not Needed
    • QA Risk Assessment:
      Needs Assessment

      Description

      Add a method to Puppet::SSL::SSLProvider for loading a system SSL context. This will be needed in order to retrieve file content from HTTPS servers whose certs are not signed by Puppet, but by well-known CAs like VeriSign.

      The method should require a cacerts argument containing an array of OpenSSL::X509::Certificate. An empty array is acceptable, but the method should raise ArgumentError if the argument is nil.

      The method should return a Puppet::SSL::SSLContext:

      • The context's store should have VERIFY_PEER set
      • Each cacert should be added to the store.
      • The set_default_paths method should be called on the store.
      • Revocation should be disabled.
      • The private key and client cert should be nil
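
      The following sketch is an added example, not Puppet's implementation. It shows the requirements above using only Ruby's openssl library; the `SystemContext` struct, its field names, the keyword form of `cacerts`, and the `sample_cert` helper are assumptions, and the CA and leaf certificates are constructed test data.

```ruby
require 'openssl'

# Hypothetical stand-in for Puppet::SSL::SSLContext (field names are assumptions).
SystemContext = Struct.new(:store, :cacerts, :verify_mode, :revocation,
                           :private_key, :client_cert, keyword_init: true)

def create_system_context(cacerts:)
  raise ArgumentError, 'cacerts must be an array, not nil' if cacerts.nil?

  store = OpenSSL::X509::Store.new
  # De-duplicate first: some OpenSSL builds reject a cert added twice.
  cacerts.uniq(&:to_der).each { |cert| store.add_cert(cert) }
  store.set_default_paths # also trust the platform's CA bundle
  # No CRLs are added and no CRL_CHECK flags are set: revocation is disabled.
  SystemContext.new(store: store, cacerts: cacerts, revocation: false,
                    verify_mode: OpenSSL::SSL::VERIFY_PEER,
                    private_key: nil, client_cert: nil)
end

# Builds a short-lived certificate for the constructed test data below.
def sample_cert(subject, key, issuer_cert: nil, issuer_key: key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = ca ? 1 : 2
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension(
    ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  )
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Constructed sample: a throwaway CA that no system bundle trusts, and a leaf it signs.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
CA = sample_cert('/CN=Constructed Test CA', CA_KEY, ca: true)
LEAF = sample_cert('/CN=files.example.test', OpenSSL::PKey::RSA.new(2048),
                   issuer_cert: CA, issuer_key: CA_KEY)

puts create_system_context(cacerts: [CA]).store.verify(LEAF) # extra CA supplied
puts create_system_context(cacerts: []).store.verify(LEAF)   # system roots only
```

      With an empty `cacerts` array the store still trusts whatever the platform's default CA paths provide, which is why the leaf signed by the constructed CA fails verification in the second call.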

            People

            Assignee:
            josh Josh Cooper
            Reporter:
            josh Josh Cooper