authorLuke Kanies <luke@madstop.com>2008-05-05 21:12:39 -0500
committerLuke Kanies <luke@madstop.com>2008-05-05 21:12:39 -0500
commita3b88041570a35827c82993d7559d3583b31232c (patch)
tree5c725319a4a5f0d2e95f616769a72ebcb1c1b043 /lib
parente596bc5267bdbbe2e4ea0e7722047d1354f10826 (diff)
The http pool manager now uses new-style certificate management.
It uses an instance of SSL::Host for getting its certificate and ssl store.
Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/network/http_pool.rb26
1 files changed, 15 insertions, 11 deletions
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index 1227f78dc..8c73adba6 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -1,8 +1,7 @@
-require 'puppet/sslcertificates/support'
+require 'puppet/ssl/host'
require 'net/https'
-module Puppet::Network
-end
+module Puppet::Network; end
# Manage Net::HTTP instances for keep-alive.
module Puppet::Network::HttpPool
@@ -15,6 +14,15 @@ module Puppet::Network::HttpPool
HTTP_KEEP_ALIVE
end
+ # Create an ssl host instance for getting certificate
+ # information.
+ def self.ssl_host
+ unless defined?(@ssl_host) and @ssl_host
+ @ssl_host = Puppet::SSL::Host.new
+ end
+ @ssl_host
+ end
+
# This handles reading in the key and such-like.
extend Puppet::SSLCertificates::Support
@http_cache = {}
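Review bot: `extend Puppet::SSLCertificates::Support` is still present right after the new `ssl_host` method, but the first hunk removes `require 'puppet/sslcertificates/support'`, so this file now relies on something else having loaded that constant first and would presumably fail with a NameError otherwise. If no remaining method in the module uses the mixin's helpers (the `read_cert`, `cert` and `key` calls are removed from `cert_setup` in the last hunk), drop the `extend` and its comment; otherwise keep the require. The memoised host is module-level state with no reset visible in this hunk, so a comment such as `# Cached once per process; clear @ssl_host if the certificate or key is replaced.` would help whoever handles certificate rotation. The module body starts and ends outside this hunk.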
@@ -44,17 +52,13 @@ module Puppet::Network::HttpPool
# Use cert information from a Puppet client to set up the http object.
def self.cert_setup(http)
# Just no-op if we don't have certs.
- return false unless (defined?(@cert) and @cert) or self.read_cert
-
- store = OpenSSL::X509::Store.new
- store.add_file Puppet[:localcacert]
- store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
+ return false unless ssl_host.certificate
- http.cert_store = store
+ http.cert_store = ssl_host.ssl_store
http.ca_file = Puppet[:localcacert]
- http.cert = self.cert
+ http.cert = ssl_host.certificate.content
http.verify_mode = OpenSSL::SSL::VERIFY_PEER
- http.key = self.key
+ http.key = ssl_host.key.content
end
# Retrieve a cached http instance of caching is enabled, else return
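Review bot: The guard in `cert_setup` checks only `ssl_host.certificate`, yet the last assignment dereferences `ssl_host.key.content`; if `Puppet::SSL::Host#key` can return nil while a certificate exists (not visible here), that line raises NoMethodError after the http object has already been partly configured. Checking both up front, `return false unless ssl_host.certificate and ssl_host.key`, keeps the no-op path consistent. The removed code set `store.purpose` on the store it built, so it is worth confirming that `ssl_host.ssl_store` loads `Puppet[:localcacert]` and applies an equivalent purpose. The early return also leaves `verify_mode` unset, which deserves a comment like `# Returns false without enabling VERIFY_PEER; callers must not assume the peer is verified.`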