author | Nick Lewis <nick@puppetlabs.com> | 2011-06-14 15:31:13 -0700 |
---|---|---|
committer | Nick Lewis <nick@puppetlabs.com> | 2011-06-14 17:03:56 -0700 |
commit | 99330fa56d5f2a459fe560d7f7506d42d4a98d14 (patch) | |
tree | 8b920d56e7812ce7e6b81720eefc24aca3a255b9 /acceptance | |
parent | 1d867b026dbfa38d44f042680acf708b42295882 (diff) | |
(#7224) Reword 'hostname was not match' error message
This error message is grammatically incorrect and unhelpful, so we replace it
with a message that explains more correctly what went wrong and what was
expected. This message happens when making an authenticated connection to a
server where the certificate doesn't match its hostname. This happens in the
REST terminuses, so we wrap their HTTP methods with a helper that will catch
the appropriate SSLError and re-raise it with the better message stating the
hostname used, and the list of hostnames that we were expecting it to be a part
of.
Unfortunately, because the certificate in question isn't available at error
time, we have to use the Net::HTTP#verify_callback to capture it.
Paired-With: Jacob Helwig <jacob@puppetlabs.com>
Reviewed-By: Dominic Maraglia <dominic@puppetlabs.com>
Diffstat (limited to 'acceptance')
-rw-r--r-- | acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb | 12 | ||||
-rw-r--r-- | acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb | 4 |
2 files changed, 14 insertions, 2 deletions
diff --git a/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
new file mode 100644
index 000000000..c3b5b6795
--- /dev/null
+++ b/acceptance/tests/helpful_error_message_when_hostname_not_match_server_certificate.rb
@@ -0,0 +1,12 @@
+test_name "generate a helpful error message when hostname doesn't match server certificate"
+
+step "Clear any existing SSL directories"
+on(hosts, "rm -r #{config['puppetpath']}/ssl")
+
+# Start the master with a certname not matching its hostname
+with_master_running_on(master, "--certname foobar_not_my_hostname --certdnsnames one_cert:two_cert:red_cert:blue_cert --autosign true") do
+ run_agent_on(agents, "--no-daemonize --verbose --onetime --server #{master}", :acceptable_exit_codes => (1..255)) do
+ msg = "Server hostname '#{master}' did not match server certificate; expected one of foobar_not_my_hostname, one_cert, two_cert, red_cert, blue_cert"
+ assert_match(msg, stdout)
+ end
+end
diff --git a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
index 9eaf4c224..a34a3e718 100644
--- a/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
+++ b/acceptance/tests/ticket_3360_allow_duplicate_csr_with_option_set.rb
@@ -2,8 +2,8 @@ test_name "#3360: Allow duplicate CSR when allow_duplicate_certs is on"
 agent_hostnames = agents.map {|a| a.to_s}
-step "Remove existing SSL directory for agents"
-on agents, "rm -r #{config['puppetpath']}/ssl"
+step "Remove existing SSL directory for hosts"
+on hosts, "rm -r #{config['puppetpath']}/ssl"
 with_master_running_on master, "--allow_duplicate_certs --certdnsnames=\"puppet:$(hostname -s):$(hostname -f)\" --verbose --noop" do
 step "Generate a certificate request for the agent" |
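Review bot: The cleanup line `on(hosts, "rm -r #{config['puppetpath']}/ssl")` builds a recursive delete from an unquoted, unchecked config value and runs it on every host, so an empty `puppetpath` would turn it into `rm -r /ssl` and a path with whitespace would split into several arguments. Quoting the path and ending option parsing would make it safer, e.g. `on(hosts, "rm -r -- '#{config['puppetpath']}/ssl'")`, ideally after failing the step when `config['puppetpath']` is empty. The same applies to `on hosts, "rm -r #{config['puppetpath']}/ssl"` in the ticket_3360 hunk, which this commit widens from agents to all hosts. A short comment above `run_agent_on` saying that `:acceptable_exit_codes => (1..255)` is deliberate, because the agent is expected to refuse the connection and exit non-zero, would also help the next reader.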