Project

General

Profile

Bug #162

Certificate will not be removed when FQDN has uppercase letters

Added by Ric Danger over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
PuppetCA
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

Hi,

I found out that pupept certificate will not be removed when the host FQDN has uppercase letters.

Regards,
Ricardo

Associated revisions

Revision f1832124 (diff)
Added by Ohad Levy over 10 years ago

fixes 162 - Certificate will not be removed when FQDN has uppercase letters

History

#1 Updated by Ric Danger over 10 years ago

  • % Done changed from 0 to 30

This patch should fix it.

diff rupN vendor/plugins/proxy/lib/proxy.rb vendor/plugins/proxy/lib/proxy.rb
--
vendor/plugins/proxy/lib/proxy.rb 2009-12-14 07:57:25.000000000 0000
+
+ vendor/plugins/proxy/lib/proxy.rb 2010-01-29 15:48:29.000000000 0000
@ -81,12 +81,12 @ module GW
return false
end
begin
- if (ssldir + "ca/signed/#{fqdn}.pem").file?
if (ssldir + "ca/signed/#{fqdn.downcase}.pem").file?
command = "/usr/bin/sudo S #{@sbin}/puppetca --clean #{fqdn}< /dev/null"
logger.info system(command)
return true
else
logger.warn ssldir + "PuppetCA: ca/signed/#{fqdn}.pem does not exists - skipping"
+ logger.warn ssldir + "PuppetCA: ca/signed/#{fqdn.downcase}.pem does not exists - skipping"
return true
end
rescue StandardError => e

#2 Updated by Ric Danger over 10 years ago

  • Status changed from New to Closed
  • % Done changed from 30 to 100

#3 Updated by Ohad Levy over 10 years ago

  • Status changed from Closed to New

Hi, its not yet closed as it was not pushed to the repo :)

what about the sign method ? isnt that affected as well?

you could generally do it in a oneliner, something like
fqdn.downcase! as the first line after the def line.

#4 Updated by Ric Danger over 10 years ago

Ohad Levy wrote:

Hi, its not yet closed as it was not pushed to the repo :)

what about the sign method ? isnt that affected as well?

you could generally do it in a oneliner, something like
fqdn.downcase! as the first line after the def line.

Nop.
The problem was that foreman checks for the file on the ssl/signed directory, using the fqdn case.
Puppetca cert files are always lowercase. So, if the case was not matched, foreman would not run puppetca --clean.
Puppetca commands are case-insensitive, so there is no problem here.

#5 Updated by Ohad Levy over 10 years ago

  • Category set to PuppetCA
  • Status changed from New to Assigned
  • Assignee set to Ohad Levy
  • Target version set to 0.1-4

#6 Updated by Ohad Levy over 10 years ago

  • Status changed from Assigned to Ready For Testing

#7 Updated by Ohad Levy over 10 years ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF