  1. Puppet
  2. PUP-9459

Create SSL state machine for generating a client cert


    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Puppet now uses the SSL state machine to generate its private key, submit a CSR, and retrieve its client cert.
    • QA Risk Assessment:
      Needs Assessment


      Create an SSL state machine for loading/generating a private key, loading/submitting a CSR, and loading/downloading a client cert. The state machine should verify the consistency of the data before committing changes to disk and moving to the next state. For example, if we download the client cert, but its public key doesn't match our private key, then the cert should be discarded and an error generated. Connections should always authenticate the server (VERIFY_PEER) and never downgrade to VERIFY_NONE. The state machine should generate an SSLContext initialized with the CA certs, CRL bundle, client cert and private key so that all future connections are mutually authenticated.
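The consistency check and the always-verifying context described above, shown with Ruby's OpenSSL bindings. This is an added example, not Puppet's own code: the method names, the `CertMismatch` class, the `/CN=Example CA` subject and all keys and certs are constructed for illustration.

```ruby
require 'openssl'
require 'tmpdir'

class CertMismatch < StandardError; end

# Constructed helper: issue a short-lived cert for `pubkey`, signed by `ca_key`.
def issue_cert(subject, pubkey, ca_key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = OpenSSL::X509::Name.parse('/CN=Example CA')
  cert.public_key = pubkey
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Check the downloaded cert against our private key BEFORE committing it to disk.
def commit_client_cert(cert_pem, private_key, path)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  unless cert.check_private_key(private_key)
    raise CertMismatch, "cert for #{cert.subject} does not match our private key"
  end
  File.write(path, cert.to_pem) # reached only when the key pair is consistent
  cert
end

# Context for mutually authenticated connections; the peer is always verified.
def mutual_tls_context(ca_cert, client_cert, private_key)
  store = OpenSSL::X509::Store.new
  store.add_cert(ca_cert)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER # never VERIFY_NONE
  ctx.cert = client_cert
  ctx.key = private_key
  ctx
end

# Constructed sample data: a CA, the agent's key, and an unrelated key.
CA_KEY    = OpenSSL::PKey::RSA.new(2048)
AGENT_KEY = OpenSSL::PKey::RSA.new(2048)
OTHER_KEY = OpenSSL::PKey::RSA.new(2048)
CA_CERT   = issue_cert('/CN=Example CA', CA_KEY.public_key, CA_KEY)
GOOD_PEM  = issue_cert('/CN=agent.example', AGENT_KEY.public_key, CA_KEY).to_pem
BAD_PEM   = issue_cert('/CN=agent.example', OTHER_KEY.public_key, CA_KEY).to_pem
```

Passing `BAD_PEM` to `commit_client_cert` raises before anything is written, so a mismatched cert never reaches disk.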


              • Assignee:
                josh Josh Cooper