author | Nick Lewis <nick@puppetlabs.com> | 2010-07-07 17:01:54 -0700 |
---|---|---|
committer | Markus Roberts <Markus@reality.com> | 2010-07-07 17:18:09 -0700 |
commit | b7e2580ab49ecdb67fc9b522829c005fc3750fbe (patch) | |
tree | 989f4f278ce98a25afd8020249fb2f821420245d | |
parent | 70af43f915110b806dc156fd09c3aa8ec7b0fe0d (diff) | |
download | puppet-b7e2580ab49ecdb67fc9b522829c005fc3750fbe.tar.gz puppet-b7e2580ab49ecdb67fc9b522829c005fc3750fbe.tar.xz puppet-b7e2580ab49ecdb67fc9b522829c005fc3750fbe.zip |
[#3169] Adds more debugging to SSL cert verification
This patch (via Nicholas Veeser) adds more debugging when SSL cert
verification fails.
-rw-r--r-- | lib/puppet/network/http_pool.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index 4789d4704..244f18b0d 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -58,6 +58,20 @@ module Puppet::Network::HttpPool
 http.cert = ssl_host.certificate.content
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 http.key = ssl_host.key.content
+ if Puppet[:debug]
+ http.verify_callback = self.method(:ssl_verify_callback).to_proc
+ end
+ end
+
+ def self.ssl_verify_callback(peer_ok, x509_store_ctx)
+ if not peer_ok
+ Puppet.debug "OpenSSL: Error(#{x509_store_ctx.error}): #{x509_store_ctx.error_string}"
+ Puppet.debug "OpenSSL: Cert: #{x509_store_ctx.current_cert.issuer}"
+ Puppet.debug "OpenSSL: Current CRL: #{x509_store_ctx.current_crl}"
+ Puppet.debug "OpenSSL: Chain:"
+ x509_store_ctx.chain.each_index { |i| Puppet.debug "OpenSSL: \t#{i} #{x509_store_ctx.chain[i].issuer}" }
+ end
+ peer_ok
 end
 
 # Retrieve a cached http instance if caching is enabled, else return |
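Review bot: In the new `ssl_verify_callback`, the line labelled `Cert:` logs only `current_cert.issuer`, and the chain loop also prints issuers only, so a debug trace never shows the subject of the certificate that actually failed; logging the subject alongside the issuer would make the failing link in the chain identifiable. `x509_store_ctx.chain` may be nil in the Ruby OpenSSL binding when no chain has been built at the point the callback fires — iterating `(x509_store_ctx.chain || [])` avoids a `NoMethodError` inside the verify callback. Stylistically, `unless peer_ok` reads better than `if not peer_ok`, `each_with_index` replaces the `each_index` / `chain[i]` pair, and `self.method(...)` can simply be `method(...)`. Returning `peer_ok` unchanged is the property that keeps `VERIFY_PEER` enforced while the extra logging is on, so a comment such as `# Return OpenSSL's verdict unchanged; returning true here would accept a failing certificate.` would protect that line from later edits. The method that sets `http.cert`/`http.key` begins outside the hunk.
```ruby
def self.ssl_verify_callback(peer_ok, x509_store_ctx)
  unless peer_ok
    Puppet.debug "OpenSSL: Error(#{x509_store_ctx.error}): #{x509_store_ctx.error_string}"
    cert = x509_store_ctx.current_cert
    Puppet.debug "OpenSSL: Cert: subject=#{cert.subject} issuer=#{cert.issuer}" if cert
    Puppet.debug "OpenSSL: Current CRL: #{x509_store_ctx.current_crl}"
    Puppet.debug "OpenSSL: Chain:"
    (x509_store_ctx.chain || []).each_with_index do |c, i|
      Puppet.debug "OpenSSL: \t#{i} subject=#{c.subject} issuer=#{c.issuer}"
    end
  end
  # Return OpenSSL's verdict unchanged; returning true here would accept a failing certificate.
  peer_ok
end
```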