Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8563

The puppet agent should have a 'local' mode for CRL checking

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Duplicate
    • Affects Version/s: PUP 5.4.0
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
    • Acceptance Criteria:
      Hide

      Puppet Agent does not attempt to download a CRL and uses the designated local file. Agent fails if the local file is not present or is invalid/outdated.

      Show
      Puppet Agent does not attempt to download a CRL and uses the designated local file. Agent fails if the local file is not present or is invalid/outdated.
    • Team:
      Coremunity
    • Method Found:
      Customer Feedback
    • QA Risk Assessment:
      Needs Assessment

      Description

      According to the documentation at https://puppet.com/docs/puppet/5.4/configuration.html#certificaterevocation the certificate_revocation option, when set to anything but false will cause the client to try to download the CRL.

      If a user is using an external CA, then they should have the option to update the CRL file on the local system and set this to local so that the client can use the CRL placed using whatever method is deemed appropriate for the environment.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              peiriannydd Trevor Vaughan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support