Hi,

Currently when 'restrict_registered_puppetmasters = false' it does not validate any SSL if 'require_ssl_puppetmasters = true'.

When setting restrict_registered_puppetmasters = false and require_ssl_puppetmasters = true it should make sure it still validates the SSL cert being passed by the remote client against the CA. This would give some layer of authentication if not using a smart proxy.

Thanks,
Matt