Details

    • Type: Sub-task
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.0.0
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Server
    • Release Notes:
      Not Needed
    • QA Risk Assessment:
      Needs Assessment

      Description

      Currently the puppet agent does not correctly handle chained CRLs. When using an intermediate CA, users must now turn on leaf-only checking for CRLs to work around this. Puppet needs to be able to verify the revocation status of the master using the whole chain, not just the leaf.

      This is complicated by the indirector, which hard codes an assumption that we only have one CRL. We should sidestep the indirector here to handle bundled CRLs properly, adding all of them to trust store, not just the leaves.

        Attachments

          Issue Links

            Activity

              jsd-sla-details-panel

                People

                • Assignee:
                  tony.vu Tony Vu
                  Reporter:
                  maggie Maggie Dreyer
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: