Puppet / PUP-9459

Create SSL state machine for generating a client cert

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: PUP 6.4.0
    • Component/s: None
    • Team:
      Coremunity
    • CVE-ID:
      CVE-2018-11751
    • Sprint:
      Platform Core KANBAN
    • Release Notes:
      New Feature
    • Release Notes Summary:
      Puppet now uses the SSL state machine to generate its private key, submit a CSR, and retrieve its client cert.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Create an SSL state machine for loading/generating a private key, loading/submitting a CSR, and loading/downloading a client cert. The state machine should verify the consistency of the data before committing changes to disk and moving to the next state. For example, if we download the client cert, but its public key doesn't match our private key, then the cert should be discarded and an error generated. Connections should always authenticate the server (VERIFY_PEER) and never downgrade to VERIFY_NONE. The state machine should generate an SSLContext initialized with the CA certs, CRL bundle, client cert and private key so that all future connections are mutually authenticated.
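      A sketch of the consistency check and the final context described above, as an added example and not Puppet's own implementation. The names `CertMismatchError`, `make_cert`, `commit_client_cert` and `build_ssl_context` are hypothetical, and the self-signed certificate is a constructed stand-in for what the CA would return.

```ruby
require 'openssl'
require 'tmpdir'

class CertMismatchError < StandardError; end

# Constructed helper: a self-signed cert standing in for the CA's response.
def make_cert(key, cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# State transition: accept a downloaded cert only if its public key matches
# our private key. Nothing is written to disk unless the check passes.
def commit_client_cert(cert_pem, private_key, path)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  unless cert.check_private_key(private_key)
    raise CertMismatchError, "certificate for #{cert.subject} does not match the private key"
  end
  File.write(path, cert.to_pem)
  cert
end

# Final state: a context that authenticates the server and presents the client cert.
def build_ssl_context(ca_certs, client_cert, private_key)
  store = OpenSSL::X509::Store.new
  ca_certs.each { |ca| store.add_cert(ca) }
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER # never VERIFY_NONE
  ctx.cert_store = store
  ctx.cert = client_cert
  ctx.key = private_key
  ctx
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048)
  Dir.mktmpdir do |dir|
    cert = commit_client_cert(make_cert(key, 'agent.example').to_pem, key, File.join(dir, 'agent.pem'))
    puts build_ssl_context([cert], cert, key).verify_mode == OpenSSL::SSL::VERIFY_PEER
  end
end
```

      A CRL bundle would be added to the same store with `add_crl` and the CRL check flags; it is left out here to keep the example focused on the key-match check.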

              People

              Assignee:
              josh Josh Cooper
              Reporter:
              josh Josh Cooper