[PUP-9456] Create SSLContext and SSLProvider - Puppet Jira Server

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.4.0
Component/s: None
Labels:
- resolved-issue-added

Epic Link:
Simplify agent SSL initialization
Team:
Coremunity
Sprint:
Platform Core KANBAN

Release Notes:
New Feature
Release Notes Summary:

Hide
This is a dark feature, not accessible to users until later, and shouldn't be documented until then.

Adds an API for creating an SSLContext containing certs and keys needed to make an SSL connection

Show
This is a dark feature, not accessible to users until later, and shouldn't be documented until then. Adds an API for creating an SSLContext containing certs and keys needed to make an SSL connection

QA Risk Assessment:
Needs Assessment

Description

Create an SSLProvider responsible for generating SSLContext objects containing all cert/key material needed to create an SSL connection. This includes the X509 store, CA certs, CRLs, revocation mode, client cert, private key, and peer verification mode.

The provider should have methods for creating an SSLContext for 3 different use cases:
1. No authentication: We don't have any certs, and need to download the CA bundle.
2. Server verification: We have a CA certs (and optionally CRLs), but no client cert/private key
3. Mutual authentication: We have CA certs (and optionally CRLs), private key, and client cert

Attachments

Activity

People

Assignee:: Josh Cooper

Reporter:: Josh Cooper

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019/01/23 3:30 PM

Updated:: 2019/03/26 5:24 PM

Resolved:: 2019/03/07 2:32 PM