Puppet Server / SERVER-3053

Puppet Server Fails to Validate Keys on Fedora 34

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Do
    • Affects Version/s: SERVER 7.y
    • Fix Version/s: None
    • Component/s: Puppet Server
    • Labels:
      None
    • Template:
      PUP Bug Template
    • Method Found:
      Needs Assessment
    • QA Risk Assessment:
      Needs Assessment

      Description

      Puppet Version: 7.8.0
      Puppet Server Version: 7.2.0
      OS Name/Version:

      I have RedHat el8 packages for puppet agent and puppet server installed on Fedora 32 and Fedora 34. The Fedora 32 installation works but the Fedora 34 doesn't.

      Desired Behavior:

      Agents on client machines work as expected.

      Actual Behavior:

      Connections fail with SSL_connect returned=1 errno=0 state=error: sslv3 alert certificate unknown.

      If I mount a Fedora 32 image and run puppetserver in a chroot environment, it works, even with /opt/puppetlabs, /etc/puppetlabs and /etc/sysconfig/puppetserver bind mounted so that the puppet configuration is identical in the Fedora 34 and Fedora 32 images, and because it is in a chroot environment, both cases use the same kernel and the same network and services (like DNS).

      Adding -Djavax.net.debug=ssl -Djava.security.debug=access to JAVA_ARGS results in "java.security.cert.CertPathValidatorException: Could not determine revocation status", whereas for the Fedora 32 case, I get "Found trusted certificate:" at the same place.

      I am using the traditional self-signed certificate, and for both cases the logs show:

      ***

      adding as trusted cert:
      Subject: CN=Puppet CA: puppet.beware.dropbear.id.au
      Issuer: CN=Puppet CA: puppet.beware.dropbear.id.au
      Algorithm: RSA; Serial number: 0x1
      Valid from Mon Feb 12 23:22:49 ACDT 2018 until Sun Feb 12 23:22:49 ACDT 2023

      and the keys are identical.

      I have installed the Fedora 32 version of Java 8 on Fedora 34 and it still doesn't work.

        Attachments

        1. container.conf
          0.4 kB
        2. puppetserver.log
          0.9 kB
        3. puppetserver-bad.log
          251 kB
        4. puppetserver-container
          2 kB

            People

            Assignee:
            Unassigned
            Reporter:
            iandall Ian Dall