Details

Bug

Status: Closed

Normal

Resolution: Fixed

SERVER 2.y

RHEL7.1, using puppetserver 2.x (have tested specifically with the RPMS for 2.0.0 and 2.1.1)
Puppet 4 (rpm is puppet-agent 1.1.0 and 1.2.2)
Both installed following the instructions provided on docs.puppetlabs.com

2

Server Emerald 2015-08-05, Server Emerald 2015-08-19, Server Emerald 2015-09-02

Description
It appears that the newer FreeIPA 4.x server provides new fields in the CA signed certificates that cause an interesting error. When running puppet-agent against a puppetserver with these certificates, an error is reported (as shown in attachment puppet-agent-error.txt). This produces a log of some 400+ lines, mostly traceback (as shown in attachment puppetserver-errorlog.txt), indicating the error:
2015-07-28 18:10:28,851 ERROR [puppet-server] Puppet java.util.ArrayList cannot be cast to java.lang.String
Further investigation shows that a FreeIPA 3.x CA signed certificate does not incur this issue. To that end, I've included what appears to be the difference between the two signed certificates (attached as signed-certificates.diff).
I'm theorizing that the value 'X509v3 Extended Key Usage' is not accounted for in the puppetserver code.