Uploaded image for project: 'Puppet Server'
  1. Puppet Server
  2. SERVER-558

Custom certificate extension values wrapped in PS 1.0.8

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: SERVER 1.0.8
    • Fix Version/s: SERVER 1.y, SERVER 2.y
    • Component/s: None
    • Labels:
    • Template:
    • Sub-team:
    • Story Points:
      1
    • Release Notes:
      Known Issue

      Description

      For SERVER-119, some work was done to ensure that the values for custom certificate extensions were represented as UTF8Strings within the payload of an OctetString rather than just being a raw value inside of an OctetString. This work was done to ensure that custom certificate extensions follow the format specified in RFC 5280.

      As this is technically a breaking change in the content produced for new certificates, this work was intended to go into Puppet Server 2.X and Puppet 4.x only. However, by bumping Puppet Server 1.0.8's dependency on puppetabs/ssl-utils to version 0.8.0, this change ended up going into Puppet Server 1.0.8 as well.

      For backward compatibility, the ssl-utils 0.8.0 implementation will handle properly decoding a certificate that has extensions with raw values inside of an OctetString. Beyond just the change in content generated, the only problem this issue should pose is that a certificate generated for Puppet Server 1.0.8 that has custom extensions would not be properly decodable, e.g., trusted facts would not be retrievable when referenced by manifests, if used in a prior Puppet Server 1.0.x release. If a certificate had been generated for Puppet Server 1.0.8, then, the use of it could cause problems on a downgrade to Puppet Server 1.0.2 or earlier.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              jeremy.barlow Jeremy Barlow
              QA Contact:
              Erik Dasher
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Zendesk Support