Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-2740

Prune duplicate entries from CRL

    XMLWordPrintable

Details

    • Froyo
    • 5
    • Froyo - 7/14/2021, Froyo - 7/28/2021, Froyo - 8/11/2021
    • New Feature
    • The subcommand 'prune' is implemented for Puppetserver's CA CLI tool. This subcommand allows the user to deduplicate revoked certificates on CRL that is issued by Puppet's CA certificate.
    • Needs Assessment

    Description

      Puppet's CRL is prone to duplicate entries. We should add a command to the CA CLI that will deduplicate the CRL, only to be run when the server is offline. (This should go in both PE streams)

      Outcomes

      • New command in the CA CLI gem to deduplicate the CRL - check in with UX about whatever command syntax we come up with to make sure it's user-friendly.
      • Include debug output for what is being purged.
      • Check performance for a large CRL with many duplicates (see comments in SERVER-2509). Should not be "unreasonably" slow.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-2509 Prevent duplicate entries in Puppet CA's CRL

          • Normal - Regular issue, some loss of functionality under specific circumstances.
          • Resolved

          Activity

            People

              tu.vu Tu Vu
              nick.walker Nick Walker
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support