Project

General

Profile

Bug #162

Certificate will not be removed when FQDN has uppercase letters

Added by Ric Danger almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
PuppetCA
Target version:
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

Hi,

I found out that pupept certificate will not be removed when the host FQDN has uppercase letters.

Regards,
Ricardo

Associated revisions

Revision f1832124 (diff)
Added by Ohad Levy almost 9 years ago

fixes 162 - Certificate will not be removed when FQDN has uppercase letters

History

#1 Updated by Ric Danger almost 9 years ago

  • % Done changed from 0 to 30

This patch should fix it.

diff rupN vendor/plugins/proxy/lib/proxy.rb vendor/plugins/proxy/lib/proxy.rb
--
vendor/plugins/proxy/lib/proxy.rb 2009-12-14 07:57:25.000000000 0000
+
+ vendor/plugins/proxy/lib/proxy.rb 2010-01-29 15:48:29.000000000 0000
@ -81,12 +81,12 @ module GW
return false
end
begin
- if (ssldir + "ca/signed/#{fqdn}.pem").file?
if (ssldir + "ca/signed/#{fqdn.downcase}.pem").file?
command = "/usr/bin/sudo S #{@sbin}/puppetca --clean #{fqdn}< /dev/null"
logger.info system(command)
return true
else
logger.warn ssldir + "PuppetCA: ca/signed/#{fqdn}.pem does not exists - skipping"
+ logger.warn ssldir + "PuppetCA: ca/signed/#{fqdn.downcase}.pem does not exists - skipping"
return true
end
rescue StandardError => e

#2 Updated by Ric Danger almost 9 years ago

  • Status changed from New to Closed
  • % Done changed from 30 to 100

#3 Updated by Ohad Levy almost 9 years ago

  • Status changed from Closed to New

Hi, its not yet closed as it was not pushed to the repo :)

what about the sign method ? isnt that affected as well?

you could generally do it in a oneliner, something like
fqdn.downcase! as the first line after the def line.

#4 Updated by Ric Danger almost 9 years ago

Ohad Levy wrote:

Hi, its not yet closed as it was not pushed to the repo :)

what about the sign method ? isnt that affected as well?

you could generally do it in a oneliner, something like
fqdn.downcase! as the first line after the def line.

Nop.
The problem was that foreman checks for the file on the ssl/signed directory, using the fqdn case.
Puppetca cert files are always lowercase. So, if the case was not matched, foreman would not run puppetca --clean.
Puppetca commands are case-insensitive, so there is no problem here.

#5 Updated by Ohad Levy almost 9 years ago

  • Category set to PuppetCA
  • Status changed from New to Assigned
  • Assignee set to Ohad Levy
  • Target version set to 0.1-4

#6 Updated by Ohad Levy almost 9 years ago

  • Status changed from Assigned to Ready For Testing

#7 Updated by Ohad Levy almost 9 years ago

  • Status changed from Ready For Testing to Closed

Also available in: Atom PDF