Age | Commit message | Author | Files | Lines |
|
The http handler code contains a check to see if the expiration
date of the client certificate is within a certain window, so
that we can log a warning message if it will expire soon.
However, the mechanisms for handling this kind of check can
really vary depending on what web server you're running in, so
it doesn't make sense for this check to occur in a code path
that is common to all of the different web servers.
This commit simply moves the logic up into the code for
the individual web servers so that they will have the
ability to adjust the behavior according to their own
needs.
|
During every authenticated request, the expiration date of the involved
certificates is checked. However, if the localhost cert is loaded when the CA
cert is not present, an authenticated request will be initiated to download the
CA cert. This triggers another expiration check for authenticated requests,
which loads the localhost cert, which initiates another authenticated request
to download the CA cert... and so on until stack space is exhausted.
This patch skips the expiration check for the localhost cert if the CA cert is
missing.
|
- All previous File and FileTest calls to exist? or exists? go through
the new FileSystem::File abstraction so that the implementation can
later be swapped for a Windows specific one to support symlinks
|
Without this patch Ruby 1.9 is still complaining loudly about trying to
parse the spec files. The previous attempt to clean up this problem in
edc3ddf works for Ruby 1.8 but not 1.9.
I'd prefer to remove the shebang lines entirely, but doing so will cause
encoding errors in Ruby 1.9. This patch strives for a happy middle
ground of convincing Ruby it is actually working with Ruby while not
confusing it to think it should exec() to rspec.
This patch is the result of the following command run against the source
tree:
    find spec -type f -print0 | \
      xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'
|
Warnings are logged both when receiving a request and issuing a request
so that both the master and agent logs contain warnings. This increases
visibility since the master logs are looked at more frequently, but also
ensures that the warnings make it into agent reports.
The new `Puppet::Network::Authentication` module contains the logic for
logging the expiration warnings (certificates are part of the
authentication process, hence the name). It uses a rate-limited logger
so that identical warnings as a result of multiple requests in the same
run are not logged. The minimum time between log messages is set to the
`runinterval` setting, since it is a good tradeoff between ensuring
visibility and noisiness.
|
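The rate-limited expiration warning described in the last commit message, sketched as an added example; it is not Puppet's code and not part of the commit. The class and method names, the 60-day warning window and the certificates are assumptions constructed for illustration.

```ruby
require 'openssl'

# Hypothetical names throughout; this is not Puppet's implementation.
class RateLimitedLogger
  attr_reader :emitted

  def initialize(interval, clock: -> { Time.now })
    @interval = interval   # minimum seconds between identical messages
    @clock = clock         # injectable so the timing can be controlled
    @last_logged = {}      # message text => time it was last emitted
    @emitted = []
  end

  # Returns true if the message was emitted, false if it was suppressed.
  def warn(message)
    now = @clock.call
    last = @last_logged[message]
    return false if last && (now - last) < @interval
    @last_logged[message] = now
    @emitted << message
    Kernel.warn(message)
    true
  end
end

# Warn when the certificate expires within `window` seconds of `now`.
# The message text is identical on every request, so the logger can
# collapse repeats that arrive during the same interval.
def warn_if_expiring(cert, logger, window:, now: Time.now)
  remaining = cert.not_after - now
  return false if remaining > window
  state = remaining <= 0 ? 'has expired' : 'will expire'
  logger.warn("Certificate #{cert.subject} #{state} at #{cert.not_after.utc}")
end

# Constructed, unsigned certificate object carrying only the fields
# the check reads (subject and notAfter).
def constructed_cert(common_name, not_after)
  cert = OpenSSL::X509::Certificate.new
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.not_after = not_after
  cert
end
```

Calling `warn_if_expiring` from both the request-receiving and request-issuing paths with a shared logger gives one warning per certificate per interval, however many requests a run makes.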