Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2103

Puppet client does not update and does consult the crl during authentication

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: PUP 3.4.3
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:

      Description

      In my tests puppet client never updates it’s /var/lib/puppet/ssl/crl.pem from the master when it changes.

      Though the CRL is initially downloaded from a CA and ‘cached’ that cache is never cleared causing multi-master setups to run with an increasingly outdated CRL.

      I think this bug is dangerous especially because the separate CA thing is new and people don’t realize, nor is it documented, that this is the current behavior.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                tlimoncelli Tom Limoncelli
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support