author | Luke Kanies <luke@madstop.com> | 2008-08-07 17:38:26 -0700 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2008-08-07 17:38:26 -0700 |
commit | 2cad30a18c5e0e4fb93603ab422c290a62d45131 (patch) | |
tree | 253eba019e8b55e7688aeb0df01edfd6f8440291 | |
parent | 93fd55fdaa409020f18001ac436ddad9b6c491e4 (diff) | |
Caching the SSL store for the SSL Host.
We were creating a new SSL store every time, which
caused problems during testing -- it created
an infinite loop when trying to create the
store while looking up the CRL.
Signed-off-by: Luke Kanies <luke@madstop.com>
-rw-r--r-- | lib/puppet/ssl/host.rb | 19 | ||||
-rwxr-xr-x | spec/unit/ssl/key.rb | 2 |
2 files changed, 12 insertions, 9 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index 6bbd93853..a449dcc7e 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -168,17 +168,20 @@ class Puppet::SSL::Host
 # Create/return a store that uses our SSL info to validate
 # connections.
 def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
- store = OpenSSL::X509::Store.new
- store.purpose = purpose
+ unless defined?(@ssl_store) and @ssl_store
+ @ssl_store = OpenSSL::X509::Store.new
+ @ssl_store.purpose = purpose

- store.add_file(Puppet[:localcacert])
+ @ssl_store.add_file(Puppet[:localcacert])

- # If there's a CRL, add it to our store.
- if crl = Puppet::SSL::CertificateRevocationList.find("ca")
- store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
- store.add_crl(crl.content)
+ # If there's a CRL, add it to our store.
+ if crl = Puppet::SSL::CertificateRevocationList.find("ca")
+ @ssl_store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK
+ @ssl_store.add_crl(crl.content)
+ end
+ return @ssl_store
 end
- return store
+ @ssl_store
 end

 # Attempt to retrieve a cert, if we don't already have one.
diff --git a/spec/unit/ssl/key.rb b/spec/unit/ssl/key.rb
index 66ed510a3..b23470451 100755
--- a/spec/unit/ssl/key.rb
+++ b/spec/unit/ssl/key.rb
@@ -22,7 +22,7 @@ describe Puppet::SSL::Key do
 end

 it "should only support the text format" do
- @class.supported_formats.should == [:str]
+ @class.supported_formats.should == [:s]
 end

 it "should have a method for determining whether it's a CA key" do |
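Review bot: The cached store ignores the `purpose` argument after the first call. In `ssl_store`, `@ssl_store.purpose = purpose` runs only inside the `unless`, so a later caller that asks for a narrower purpose gets back the store the first caller built, which by default is `PURPOSE_ANY`. The same one-time setup freezes revocation state: if no CRL is found on the first call the `V_FLAG_CRL_CHECK` flags are never set, and a CRL refreshed later is never re-added for the lifetime of this Host object. Keying the cache by purpose, as sketched below, fixes the first problem; the second needs a reset hook, or at least a comment saying the store must be rebuilt when the CA certificate or CRL changes. The sketch registers the store before the CRL lookup to keep the re-entrancy guard this commit adds, assuming the re-entrant call arrives through the CRL find as the commit message describes.

```ruby
def ssl_store(purpose = OpenSSL::X509::PURPOSE_ANY)
    @ssl_stores ||= {}
    return @ssl_stores[purpose] if @ssl_stores[purpose]

    # Register the store before the CRL lookup so a re-entrant call returns it.
    store = @ssl_stores[purpose] = OpenSSL::X509::Store.new
    store.purpose = purpose
    # … unchanged: add_file(Puppet[:localcacert]) and the CRL flags/add_crl, applied to store …
    store
end
```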