Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-10314

Puppet tries to print ssl information for non-ssl connections in debug mode

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 6.13.0
    • Fix Version/s: PUP 6.14.0
    • Component/s: None
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Epic Link:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      In debug mode, Puppet will now only print TLS protocols and ciphersuites for HTTPS connections, but not HTTP connections.
    • QA Risk Assessment:
      Needs Assessment

      Description

      When running in debug mode, puppet tries to print ssl information (protocol & ciphers) for each new connection, but it does it for non-ssl connections. It's unlikely to be triggered in 6.13.0 because only the CA REST APIs and PMT are using the new http client, but can be triggered via:

       

      $ bx puppet module search puppetlabs-stdlib --debug --module_repository=http://localhost:8081/artifactory/api/puppet/puppet
      Debug: Runtime environment: puppet_version=6.13.0, ruby_version=2.3.8, run_mode=user, default_encoding=UTF-8
      Notice: Searching http://localhost:8081/artifactory/api/puppet/puppet ...
      Debug: Could not find library 'pe_license' required to enable feature 'pe_license'
      Debug: Creating new connection for http://localhost:8081
      Debug: Starting connection for http://localhost:8081
      Error: Could not connect to http://localhost:8081/artifactory/api/puppet/puppet
        There was a network communications problem
          The error we caught said 'Request to http://localhost:8081/artifactory/api/puppet/puppet/v3/modules?query=puppetlabs-stdlib failed after 0.002 seconds: undefined method `ssl_version' for #<TCPSocket:fd 9>'
      

      The problem is a verifier is being passed to the pool in the non-ssl case, and the pool is using that to determine if the connection is ssl based or not.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support