author | Luke Kanies <luke@madstop.com> | 2007-12-11 11:51:54 -0600 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2007-12-11 11:51:54 -0600 |
commit | d9200a020075738c51af0c9269a40da23a17fd13 (patch) | |
tree | b18986aff394ce9f4880d57ac2c4893290b6d324 /lib/puppet/sslcertificates.rb | |
parent | 74db7772df856bac39081df9bd006c20c7175ec7 (diff) | |
Adding what is hopefully the last commit for #896. Here's the
changelog:
Modifying the behaviour of the certdnsnames setting. It now defaults
to an empty string, and will only be used if it is set to something
else. If it is set, then the host's FQDN will also be added as
an alias. The default behaviour is now to add 'puppet' and
'puppet.$domain' as DNS aliases when the name for the cert being
signed is equal to the signing machine's name, which will only
be the case for CA servers. This should result in servers always
having the alias set up and no one else, but you can still override
the aliases if you want.
Diffstat (limited to 'lib/puppet/sslcertificates.rb')
-rwxr-xr-x | lib/puppet/sslcertificates.rb | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb
index e9d544125..bd0ce8c92 100755
--- a/lib/puppet/sslcertificates.rb
+++ b/lib/puppet/sslcertificates.rb
@@ -61,7 +61,16 @@ module Puppet::SSLCertificates
 key_usage = %w{cRLSign keyCertSign}
 when :server:
 basic_constraint = "CA:FALSE"
- hash[:dnsnames].split(':').each { |d| subject_alt_name << 'DNS:' + d } if hash[:dnsnames]
+ dnsnames = Puppet[:certdnsnames]
+ name = hash[:name].to_s.sub(%r{/CN=},'')
+ if dnsnames != ""
+ dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d }
+ subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
+ elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server
+ subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias
+ subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
+ subject_alt_name << 'DNS:' + name.sub(/^[^.]+./, "puppet.") # add puppet.domain as an alias
+ end
 key_usage = %w{digitalSignature keyEncipherment}
 ext_key_usage = %w{serverAuth clientAuth}
 when :ocsp: |
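Review bot: The `if dnsnames != ""` branch adds every `certdnsnames` entry to the certificate without checking whose certificate is being signed; only the `elsif` branch compares `name` with `Facter.value(:fqdn)`. The `ext_key_usage` line below still lists `clientAuth`, so this `:server` branch presumably also builds ordinary client certificates, and with the setting non-empty each of them would carry the server's aliases and could be accepted as the server by a peer that checks subjectAltName. Applying the same host check to the override, `if dnsnames != "" and name == Facter.value(:fqdn)`, keeps the aliases on the signing host's own certificate only. Separately, the dot in `/^[^.]+./` is unescaped, so a name with no dot becomes `puppet.`; `/^[^.]+\./` would leave such a name unchanged. The enclosing `case` starts and ends outside this hunk, so the callers that choose `:server` are not visible here.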