Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-11082

Use PKey.read when loading private keys

    XMLWordPrintable

Details

    • Task
    • Status: Resolved
    • Normal
    • Resolution: Fixed
    • None
    • PUP 6.24.0, PUP 7.9.0
    • None
    • Froyo
    • 1
    • Froyo - 6/16/2021, Froyo - 6/30/2021
    • Bug Fix
    • Puppet Agent can now load private keys in PKCS#8 format.
    • Needs Assessment

    Description

      There's a littany of reasons that we couldn't use PKey.read in https://github.com/puppetlabs/puppet/blob/1a13e0cf96c70b303492e684f9ccf4c38207b3dd/lib/puppet/x509/cert_provider.rb#L218-L222.

      However, We no longer use this code in Terminii that will be loaded in JRuby (and so don't use this code at all in JRuby) nor do we support older versions of Ruby in Puppet 7.x. Our manual determination of which implementation class to construct is somewhat naive and PKey.read will do a better job.

      Consequently, we should use PKey.read in the above code.

      Note: This should only be updated for puppet7 (main branch).

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-3016 Cannot use OpenSSL EC files in OpenSSL format

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Activity

            People

              maggie Maggie Dreyer
              justin Justin Stoller
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support