[PUP-9456] Create SSLContext and SSLProvider
Created: 2019/01/23  Updated: 2019/03/26  Resolved: 2019/03/07

Status: Closed
Project: Puppet
Component/s: None
Affects Version/s: None
Fix Version/s: PUP 6.4.0

Type: New Feature
Priority: Normal
Reporter: Josh Cooper
Assignee: Josh Cooper
Resolution: Fixed
Votes: 0
Labels: resolved-issue-added
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Epic Link: Simplify agent SSL initialization
Team: Coremunity
Sprint: Platform Core KANBAN
Release Notes: New Feature
Release Notes Summary: This is a dark feature, not accessible to users until later, and shouldn't be documented until then.

Adds an API for creating an SSLContext containing certs and keys needed to make an SSL connection
QA Risk Assessment: Needs Assessment


Create an SSLProvider responsible for generating SSLContext objects containing all cert/key material needed to create an SSL connection. This includes the X509 store, CA certs, CRLs, revocation mode, client cert, private key, and peer verification mode.

The provider should have methods for creating an SSLContext for 3 different use cases:
1. No authentication: We don't have any certs, and need to download the CA bundle.
2. Server verification: We have CA certs (and optionally CRLs), but no client cert/private key.
3. Mutual authentication: We have CA certs (and optionally CRLs), private key, and client cert.
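
The three use cases above, sketched with Ruby's standard `openssl` library as an added example; this is not Puppet's implementation. The module and method names (`SSLContextSketch`, `insecure`, `server_verified`, `mutual`) are hypothetical, and it returns plain `OpenSSL::SSL::SSLContext` objects rather than the SSLContext described in this ticket.

```ruby
require 'openssl'

# Hypothetical names for illustration only; not Puppet's SSLProvider API.
module SSLContextSketch
  module_function

  # Case 1, no authentication: no certs yet, so the peer cannot be verified.
  # Only appropriate for bootstrapping (downloading the CA bundle).
  def insecure
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE
    ctx
  end

  # Case 2, server verification: CA certs and optional CRLs, no client identity.
  def server_verified(cacerts, crls = [])
    raise ArgumentError, 'server verification needs at least one CA cert' if cacerts.empty?

    store = OpenSSL::X509::Store.new
    cacerts.each { |cert| store.add_cert(cert) }
    unless crls.empty?
      crls.each { |crl| store.add_crl(crl) }
      # Revocation mode: check every certificate in the chain against the CRLs.
      store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL
    end
    ctx = OpenSSL::SSL::SSLContext.new
    ctx.cert_store = store
    ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
    ctx
  end

  # Case 3, mutual authentication: case 2 plus a client cert and private key.
  # Fails early if the key and cert do not pair up, or if the client cert
  # does not chain to the supplied CAs (or is revoked by a supplied CRL).
  def mutual(cacerts, crls, private_key, client_cert)
    unless client_cert.check_private_key(private_key)
      raise ArgumentError, 'private key does not match the client cert'
    end

    ctx = server_verified(cacerts, crls)
    unless ctx.cert_store.verify(client_cert)
      raise ArgumentError, "client cert rejected: #{ctx.cert_store.error_string}"
    end
    ctx.cert = client_cert
    ctx.key = private_key
    ctx
  end
end
```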

Comment by Kris Bosland [ 2019/02/27 ]

Merged into master at 0534474.

Comment by Josh Cooper [ 2019/03/07 ]

Passed CI in 1d584b738fb2e95a0d31a27c205883d49789aa2e

Generated at Fri Aug 07 09:08:51 PDT 2020 using Jira 8.5.2#805002-sha1:a66f9354b9e12ac788984e5d84669c903a370049.