[SERVER-2944] Make puppetserver http client respect `include_system_store` option - Puppet Jira Server

XML

Word

Printable

Details

Type: Task
Status: Resolved
Priority: Low
Resolution: Done
Affects Version/s: None
Fix Version/s: SERVER 6.20.0, SERVER 7.8.0
Component/s: None
Labels:
- docs_reviewed

Epic Link:
Use System cert store
Team:
Froyo
Story Points:
2
Sprint:
Froyo - On Deck, Froyo - 4/27/2022

Release Notes:
Enhancement
Release Notes Summary:
Puppet Server's Ruby HTTP client now supports loading certificates from the system trust store that is included with Puppet Agent, as well as loading certs from a file or Java cert store at an arbitrary location via the `ssl_trust_store` setting.

QA Risk Assessment:
Needs Assessment

Description

The Puppet HTTP client API accepts an include_system_store option to its HTTP methods (e.g. get, post). When true, this option should cause the request to use an SSL context containing certificates from the system store.

In ~~SERVER-2943~~, made the clj-http-client understand how to create an SSL context with system certs in it. We need to plumb this flag through from the request options to the underlying clj-http-client, where we load the store, and have it load the new store with system certs instead.

Testing: We expect this to be tested sufficiently at the clojure integration level.

Attachments

Issue Links

blocks

SERVER-1543 com.puppetlabs.http.client should allow adding certificates to supplement Puppet CA

Resolved

is blocked by

SERVER-2943 Allow clj-http-client to optionally load system stores from agent's bundle

Resolved

Activity

People

Assignee:: Justin Stoller

Reporter:: Maggie Dreyer

Votes:: 2 Vote for this issue

Watchers:: 10 Start watching this issue

Dates

Created:: 2021/01/19 3:15 PM

Updated:: 2022/07/25 9:36 AM

Resolved:: 2022/05/24 10:07 AM