[PUP-9746] Puppet ssl submit_request does not translate custom oids correctly - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: PUP 6.0.10, PUP 6.4.3, PUP 6.6.0
Component/s: None
Labels:
- resolved-issue-added

Team:
Coremunity
Sprint:
Platform Core KANBAN
Method Found:
Needs Assessment

Release Notes:
Bug Fix
Release Notes Summary:
Puppet now registers OIDs in the SSL application.

QA Risk Assessment:
Needs Assessment

Description

When defining an extension request in csr_attributes.yaml, like so:

---

extension_requests:

  pp_role: pe_compiler

Running `puppet ssl submit_request` results in the following error:

Error: Could not run: Failed to submit certificate request: Cannot create CSR with extension request pp_role: OBJ_txt2obj: first num too large

Wrapped exception:

Cannot create CSR with extension request pp_role: OBJ_txt2obj: first num too large

However, doing a puppet agent run to generate the CSR works fine.

Per josh, the SSL application may be registering the oids like the puppet agent code path does, and the call to `Puppet::SSL::Oids.register_puppet_oids` should be moved to the SSL provider, instead of each application having to do it. Also, Puppet's `certificate_extensions.rb` beaker test only runs `puppet agent` and should be expanded to include at least `puppet ssl`.

Attachments

Activity

People

Assignee:: Kris Bosland

Reporter:: Nick Burgan

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2019/06/10 4:10 PM

Updated:: 2019/07/02 9:25 AM

Resolved:: 2019/06/28 9:59 AM