[PUP-9458] Create SSL state machine for downloading CA and CRL bundles - Puppet Jira Server

XML

Word

Printable

Details

Type: New Feature
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.4.0
Component/s: None
Labels:
- resolved-issue-added

Epic Link:
Simplify agent SSL initialization
Team:
Coremunity
Sprint:
Platform Core KANBAN

Release Notes:
Enhancement
Release Notes Summary:
Modifies the `puppet ssl` application to use a state machine to download the CA and CRL bundles instead of Puppet::SSL::Host.

QA Risk Assessment:
Needs Assessment

Description

Create a state machine for downloading CA and CRL bundles. It should verify each cert and CRL before committing them to disk, eg should be valid X509 objects and signatures should be valid. The state machine should produce an SSLContext initialized with those objects so that subsequent requests are guaranteed to authenticate the server (VERIFY_PEER).

Attachments

Activity

People

Assignee:: Josh Cooper

Reporter:: Josh Cooper

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2019/01/23 3:36 PM

Updated:: 2019/03/26 5:24 PM

Resolved:: 2019/03/14 10:12 AM