path: root/spec/unit/ssl/configuration_spec.rb
Age | Commit message | Author | Files | Lines

2013-04-04 | (#20027) Spec examples of how ssl_client_ca_auth behaves | Jeff McCune | 1 | -0/+74

2012-09-26 | (Maint) Remove rspec from shebang line | Jeff McCune | 1 | -1/+1

Without this patch Ruby 1.9 is still complaining loudly about trying to parse the spec files. The previous attempt to clean up this problem in edc3ddf works for Ruby 1.8 but not 1.9.

I'd prefer to remove the shebang lines entirely, but doing so will cause encoding errors in Ruby 1.9. This patch strives for a happy middle ground of convincing Ruby it is actually working with Ruby while not confusing it to think it should exec() to rspec.

This patch is the result of the following command run against the source tree:

    find spec -type f -print0 | \
      xargs -0 perl -pl -i -e 's,^\#\!\s?/(.*)rspec,\#! /usr/bin/env ruby,'

2012-07-10 | (#3120) Disambiguate the localcacert setting | Jeff McCune | 1 | -0/+60

Without this patch applied the localcacert setting is woefully overloaded. The following behaviors are layered on top:

 * Client authentication of the SSL server
 * Server authentication of the SSL client
 * Puppet CA signing and issuing certificates

In addition, we plan to fully support CA chains in #3143 which will introduce two additional scenarios of CA certificates that build trust but are not used for authentication.

Puppet has assumed in the past that all of these behaviors built on top of a single, self signed CA certificate. This is a problem because there is no distinction between a bundle of CA certificates that are usable to authenticate the peer in an SSL connection.

This patch fixes the problem by introducing two new configuration options, ssl_server_ca_auth and ssl_client_ca_auth. Both of these settings will default to the localcacert setting. This is slightly confusing because the file pointed to by the localcacert setting could contain a bundle of CA certificates. However, Puppet would treat this file as the CA certificate itself so any use of multiple CA certificates would only work by accident.

With this patch we now explicitly support authenticating against multiple certificate authorities but we do not yet fully support authenticating against chained certificate authorities.

The patch also introduces ssl_client_ca_chain and ssl_server_ca_chain as commented out options in defaults.rb because these options will be required for #3143.

Paired-with: Patrick Carlisle <patrick@puppetlabs.com>