[PUP-9964] Puppet Server CA auth is missing from the list of recognized certificate extensions - Puppet Jira Server

XML

Word

Printable

Details

Type: Bug
Status: Accepted
Priority: Normal
Resolution: Unresolved
Affects Version/s: PUP 5.5.16, PUP 6.4.3, PUP 6.7.2
Fix Version/s: None
Component/s: None
Labels:
- Easy
- low-hanging-fruit

Team:
Coremunity
Method Found:
Needs Assessment

QA Risk Assessment:
Needs Assessment

Description

As part of ~~SERVER-2287~~, OID 1.3.6.1.4.1.34380.1.3.39 was designated as the certificate extension that allows a certificate to make REST calls to the CA API:

https://github.com/puppetlabs/puppetserver/blob/6.5.0/src/clj/puppetlabs/puppetserver/certificate_authority.clj#L196-L199

However, this OID was never added to the list of extensions that Puppet's Ruby code recognizes:

https://github.com/puppetlabs/puppet/blob/6.7.2/lib/puppet/ssl/oids.rb

Attachments

Issue Links

is blocked by

SERVER-2357 Rename CLI auth extension to follow naming conventions

Closed

relates to

SERVER-2355 Document Puppet Server's pp_cli_auth setting in auth.conf

Open

SERVER-2287 The master cert created by `generate` should have custom extensions for the `cert_status` endpoint auth

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Charlie Sharpsteen

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019/08/13 11:26 AM

Updated:: 2022/10/19 8:47 PM