[PUP-4617] puppet cert list should display long names for extensions Created: 2015/05/15  Updated: 2016/08/11  Resolved: 2016/05/26

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: PUP 4.0.0
Fix Version/s: PUP 4.6.0

Type: Improvement Priority: Normal
Reporter: Josh Cooper Assignee: Unassigned
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
relates to PUP-2995 Allow certificate extensions to refer... Closed
Story Points: 1
Sprint: Client 2016-05-18, Client 2016-06-01
Release Notes: New Feature
Release Notes Summary: cert list now displays long names for extensions


PUP-2995 allows certificate extensions to be referenced in manifests using the short name of the extension.

However, when executing `puppet cert print <certname>`, we print the oid as the name of the extension:

bundle exec puppet cert print <hostname>
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
someotherdata   .

Since we now have a capability to specify the mapping of oid to short and long names, it would be useful to print the long name, like is done with other "known" extensions:

 $ bundle exec puppet cert print <hostname> --trusted_oid_mapping_file oid.yaml
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
            My Long Name:
            My Other Long Name:
someotherdata   .

This is a one line change to the cert application, and perhaps certificate too?

 $ git diff
diff --git a/lib/puppet/application/cert.rb b/lib/puppet/application/cert.rb
index 833840b..1453717 100644
--- a/lib/puppet/application/cert.rb
+++ b/lib/puppet/application/cert.rb
@@ -230,6 +230,7 @@ Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License
     exit(Puppet.settings.print_configs ? 0 : 1) if Puppet.settings.print_configs?
+    Puppet::SSL::Oids.load_custom_oid_file(Puppet[:trusted_oid_mapping_file])

Comment by Eric Thompson [ 2016/05/26 ]

validated on rhel7 at stable puppet agent SHA: ab8106c06ce0fe5f41c3aff3f62ecec233c586c7

Last login: Fri Dec  4 12:55:37 2015 from
[root@pqo92adku4aj9ee ~]# puppet cert print $(hostname -f)
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
        X509v3 extensions:
            Netscape Comment:
                .(Puppet Ruby/OpenSSL Internal Certificate
            X509v3 Subject Alternative Name:
                DNS:pqo92adku4aj9ee, DNS:pqo92adku4aj9ee.delivery.puppetlabs.net, DNS:puppet
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: critical
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical

Generated at Sun May 31 12:14:22 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.