PUP-8655, PUP-8656, and PUP-8653 were all touching much of the same code, we opted to just merge the PRs as is and refactor overlapping interests after those had been merged. This ticket is to track that work and make sure it gets done.
Areas for refactor:
- Overlapping functionality in decode_cert_bundle from Puppet::SSL::DefaultValidator; probably need specific function for decoding crls and cert bundles
- Usage of PuppetSpec::SSL in spec tests for Puppet::SSL::DefaultValidator
- Factor out logic around verify mode for HTTP connections, for use by Rest::Client and SSL::DefaultValidator