Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9458

Create SSL state machine for downloading CA and CRL bundles

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      Modifies the `puppet ssl` application to use a state machine to download the CA and CRL bundles instead of Puppet::SSL::Host.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Create a state machine for downloading CA and CRL bundles. It should verify each cert and CRL before committing them to disk, eg should be valid X509 objects and signatures should be valid. The state machine should produce an SSLContext initialized with those objects so that subsequent requests are guaranteed to authenticate the server (VERIFY_PEER).

        Attachments

          Activity

            People

            • Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Zendesk Support