Feature/certutil pin #14
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
To quote other Puppet contributors: This Misconception lies in the Code since the most early Days. When adding one's own SSL bundle, the cert db is generated with a password, but the password was never used by the 'exec' that changes the trust settings. This results in 'certutil' trying to open a terminal to prompt for the password, which fails, which crashes the Puppet run. The short version is that the temporary password file must always be generated and used, not just when generating self-signed certs.
Currently, there is a bug in that supplying 'cert_name' into the ssl hash will cause the Exec that changes the trust to operate on that name, however the pk12 creation step uses the server fqdn for the name. The result is the trust-modify Exec failing, crashing the Puppet run.
|
@sboyd-m, would you please help me to understand the changes you've made... Which bugs were adressed/fixed? Which config triggers these bugs? Is anything backwards-incompatible in this PR? |
|
Is there not enough information in the commit messages? I described the bugs there, let me know if something is unclear so I can reword them. Regarding backwards compatibility, I believe it should be fine, since the only changes are to |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We had some patches applied to a fork of the spacepants module, and we need to update to this new module. However, it seems some of the old bugs were never fixed, so here are updated versions of the patches. We really, really don't want to drag around another fork.