diff options
| author | Luke Kanies <luke@madstop.com> | 2008-11-03 22:05:20 -0600 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-11-03 22:06:27 -0600 |
| commit | 7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64 (patch) | |
| tree | 136e8f20db596e22832d687c65998fa0585ef451 /lib/puppet/ssl | |
| parent | a00c1f2bb508d711c5fa0dd4bda98b7a747140aa (diff) | |
| download | puppet-7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64.tar.gz puppet-7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64.tar.xz puppet-7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64.zip | |
Retrieving the CA certificate before the client certificate.
We have to have a CA cert first, because the host will
start using the client cert as soon as it's available,
but it's not functional without a CA cert.
Also removing extra stupid stuff from wait_for_cert --
the connection is now always recycled, which is much simpler.
Signed-off-by: Luke Kanies <luke@madstop.com>
Diffstat (limited to 'lib/puppet/ssl')
| -rw-r--r-- | lib/puppet/ssl/host.rb | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb index d3805eb20..a750f3b08 100644 --- a/lib/puppet/ssl/host.rb +++ b/lib/puppet/ssl/host.rb @@ -137,7 +137,12 @@ class Puppet::SSL::Host end def certificate - return nil unless @certificate ||= Certificate.find(name) + unless @certificate + # get the CA cert first, since it's required for the normal cert + # to be of any use. + return nil unless Certificate.find("ca") unless ca? + @certificate = Certificate.find(name) + end @certificate end @@ -172,6 +177,8 @@ class Puppet::SSL::Host @ssl_store = OpenSSL::X509::Store.new @ssl_store.purpose = purpose + # Use the file path here, because we don't want to cause + # a lookup in the middle of setting our ssl connection. @ssl_store.add_file(Puppet[:localcacert]) # If there's a CRL, add it to our store. @@ -186,11 +193,11 @@ class Puppet::SSL::Host # Attempt to retrieve a cert, if we don't already have one. def wait_for_cert(time) - return :existing if certificate + return if certificate begin generate - return :new if certificate + return if certificate rescue StandardError => detail Puppet.err "Could not request certificate: %s" % detail.to_s if time < 1 @@ -216,7 +223,6 @@ class Puppet::SSL::Host Puppet.err "Could not request certificate: %s" % detail.to_s end end - return :new end end |