Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-9746

Puppet ssl submit_request does not translate custom oids correctly

    Details

    • Template:
      PUP Bug Template
    • Team:
      Coremunity
    • Sprint:
      Platform Core KANBAN
    • Method Found:
      Needs Assessment
    • Release Notes:
      Bug Fix
    • Release Notes Summary:
      Puppet now registers OIDs in the SSL application.
    • QA Risk Assessment:
      Needs Assessment

      Description

      When defining an extension request in csr_attributes.yaml, like so:

      ---
      extension_requests:
        pp_role: pe_compiler 
      

      Running `puppet ssl submit_request` results in the following error:

      Error: Could not run: Failed to submit certificate request: Cannot create CSR with extension request pp_role: OBJ_txt2obj: first num too large
      Wrapped exception:
      Cannot create CSR with extension request pp_role: OBJ_txt2obj: first num too large
      

      However, doing a puppet agent run to generate the CSR works fine.

      Per Josh Cooper, the SSL application may be registering the oids like the puppet agent code path does, and the call to `Puppet::SSL::Oids.register_puppet_oids` should be moved to the SSL provider, instead of each application having to do it. Also, Puppet's `certificate_extensions.rb` beaker test only runs `puppet agent` and should be expanded to include at least `puppet ssl`.

        Attachments

          Activity

            jsd-sla-details-panel

              People

              • Assignee:
                kris.bosland Kris Bosland
                Reporter:
                nick.burgan-illig Nick Burgan
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: