Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-2569

"puppet cert revoke <name>" doesn't always revoke what you expect

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • None
    • PUP 3.7.0
    • Networking
    • None
    • 1
    • Week 2014-6-11 to 2014-6-18

    Description

      When revoking a certificate by name and there is not certificate by that name present (for instance if the certificates were deleted) the "puppet cert" command falls back to the inventory.txt file to find the serial number. When it does this it ends up only revoking the first serial number recorded in the file. This leaves the most recent certificate (and possibly others) unrevoked.

      Revoking the wrong certificate

      > be puppet cert clean testing
      Notice: Revoked certificate with serial 2
      Notice: Removing file Puppet::SSL::Certificate testing at '/Users/andy/.puppet/ssl/ca/signed/testing.pem'
      Notice: Removing file Puppet::SSL::Certificate testing at '/Users/andy/.puppet/ssl/certs/testing.pem'
      Notice: Removing file Puppet::SSL::Key testing at '/Users/andy/.puppet/ssl/private_keys/testing.pem'
       
      > be puppet cert generate testing
      Notice: testing has a waiting certificate request
      Notice: Signed certificate request for testing
      Notice: Removing file Puppet::SSL::CertificateRequest testing at '/Users/andy/.puppet/ssl/ca/requests/testing.pem'
      Notice: Removing file Puppet::SSL::CertificateRequest testing at '/Users/andy/.puppet/ssl/certificate_requests/testing.pem'
       
      > rm ~/.puppet/ssl/ca/signed/testing.pem
      > rm ~/.puppet/ssl/certs/testing.pem
      > rm ~/.puppet/ssl/private_keys/testing.pem
       
      > be puppet cert revoke testing
      Notice: Revoked certificate with serial 2
      

      On the last revoke it should have revoked serial 3 instead of serial 2.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              andy Andrew Parker
              Eric Thompson Eric Thompson
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support