Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9458

Create SSL state machine for downloading CA and CRL bundles

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Template:
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      Enhancement
    • Release Notes Summary:
      Modifies the `puppet ssl` application to use a state machine to download the CA and CRL bundles instead of Puppet::SSL::Host.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Create a state machine for downloading CA and CRL bundles. It should verify each cert and CRL before committing them to disk, eg should be valid X509 objects and signatures should be valid. The state machine should produce an SSLContext initialized with those objects so that subsequent requests are guaranteed to authenticate the server (VERIFY_PEER).

        Attachments

          Activity

            People

            Assignee:
            josh Josh Cooper
            Reporter:
            josh Josh Cooper
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Zendesk Support