Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9481

Setting certname in multiple sections bypasses validation

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: PUP 6.0.5
    • Fix Version/s: PUP 7.0.0, PUP 6.20.0
    • Component/s: None
    • Labels:
    • Template:
      PUP Bug Template
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Customer Feedback
    • CS Priority:
      Reviewed
    • Zendesk Ticket IDs:
      34788
    • Zendesk Ticket Count:
      1
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Hide
      Previously puppet only validated the "certname" setting if the was specified in the "main" setting, but not if the value was in a non-global setting such as "agent". As a result, it was possible to set the "certname" setting to a value containing uppercase letters, which prevented the agent from obtaining a certificate the next time it ran. Puppet now validates the certname setting regardless of which setting the value is specified in.
      Show
      Previously puppet only validated the "certname" setting if the was specified in the "main" setting, but not if the value was in a non-global setting such as "agent". As a result, it was possible to set the "certname" setting to a value containing uppercase letters, which prevented the agent from obtaining a certificate the next time it ran. Puppet now validates the certname setting regardless of which setting the value is specified in.
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 6.0.5
      Puppet Server Version: N/A
      OS Name/Version: Windows Server 2012, CentOS 7

      When a config file is created with the certname setting on both the agent and main sections as follows:

      [main]
      certname = my-windows-server.puppet.com
      [agent]
      certname = MY-WINDOWS-SERVER.puppet.com
      

      Puppet's validation that certnames must be lowercase if bypassed and allows for very broken certs to be generated

      Desired Behavior: Cert generation fails with "Error: Could not initialize global default settings: Certificate names must be lower case"

      Actual Behavior: Certs are generated with uppercase names

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              josh Josh Cooper
              Reporter:
              dylan.ratcliffe Dylan Ratcliffe
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support