Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9459

Create SSL state machine for generating a client cert

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Puppet now uses the SSL state machine to generate its private key, submit a CSR, and retrieve its client cert.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Create an SSL state machine for loading/generating a private key, loading/submitting a CSR, and loading/downloading a client cert. The state machine should verify the consistency of the data before committing changes to disk and moving to the next state. For example, if we download the client cert, but its public key doesn't match our private key, then the cert should be discarded and an error generated. Connections should always authenticate the server (VERIFY_PEER) and never downgrade to VERIFY_NONE. The state machine should generate an SSLContext initialized with the CA certs, CRL bundle, client cert and private key so that all future connections are mutually authenticated.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                josh Josh Cooper
                Reporter:
                josh Josh Cooper
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Zendesk Support