Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-8652 Agents should be able to use CA and CRL bundles
  3. PUP-8655

Agent should use whole cert bundle to verify master's credentials

    XMLWordPrintable

    Details

    • Type: Sub-task
    • Status: Resolved
    • Priority: Normal
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Template:
    • Team:
      Froyo
    • QA Risk Assessment:
      Needs Assessment

      Description

      Once we can properly download cert bundles, we need to ensure that trust chain checking still works. All of the code in puppet is written as though it assumes that it is handling only one cert, even though SSL correctly handles the bundled cert. At very least we should update Puppet's semantics to make it more clear that we are potentially handling a cert bundle.

      This entails not using the indirector to load the cert bundle from disk. The new implementation should have the right semantics; i.e. should not refer to it as if it will always be a single cert.

        Attachments

          Activity

            People

            Assignee:
            tony.vu Tony Vu
            Reporter:
            maggie Maggie Dreyer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support