author | Markus Roberts <Markus@reality.com> | 2009-08-11 22:58:34 -0700 |
---|---|---|
committer | James Turnbull <james@lovedthanlost.net> | 2009-08-13 08:16:54 +1000 |
commit | 55a9cdbac71ef303c4905330b946586262297672 (patch) | |
tree | 8d8de19526885de9a4ee4050f17c14711938e888 /lib/puppet | |
parent | 601a2e54aecccedfc0bdd94939d44cc07b4d6588 (diff) | |
Fix #2517 - Stack overflow when CA cert missing
This was a "There's A Hole In The Bucket" problem caused when trying
to establish a connection to get a certificate before there was
a certificate with which to establish the connection, ad
infinitum. The solution was to test for the presence of the
CA cert as well as the host cert before attempting to use them.
This patch modifies existing tests to pass with the new code (by
stubbing out the additional FileTests) and adds a new test which
catches the original problem.
Signed-off-by: Markus Roberts <Markus@reality.com>
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/network/http_pool.rb | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index b1206f7f9..6de204a80 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -51,7 +51,7 @@ module Puppet::Network::HttpPool
 # Use cert information from a Puppet client to set up the http object.
 def self.cert_setup(http)
 # Just no-op if we don't have certs.
- return false unless FileTest.exist?(Puppet[:hostcert]) # ssl_host.certificate
+ return false unless FileTest.exist?(Puppet[:hostcert]) and FileTest.exist?(Puppet[:localcacert])
 http.cert_store = ssl_host.ssl_store
 http.ca_file = Puppet[:localcacert]
@@ -60,7 +60,7 @@ module Puppet::Network::HttpPool
 http.key = ssl_host.key.content
 end
- # Retrieve a cached http instance of caching is enabled, else return
+ # Retrieve a cached http instance if caching is enabled, else return
 # a new one.
 def self.http_instance(host, port, reset = false)
 # We overwrite the uninitialized @http here with a cached one.
@@ -95,11 +95,7 @@ module Puppet::Network::HttpPool
 http.read_timeout = Puppet[:configtimeout]
 http.open_timeout = Puppet[:configtimeout]
 # JJM Configurable fix for #896.
- if Puppet[:http_enable_post_connection_check]
- http.enable_post_connection_check = true
- else
- http.enable_post_connection_check = false
- end
+ http.enable_post_connection_check = Puppet[:http_enable_post_connection_check]
 cert_setup(http) |
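Review bot: In `cert_setup` (first hunk), a missing host or CA cert makes the method return false before `http.cert_store` and `http.ca_file` are assigned, and the call in the third hunk, `cert_setup(http)`, discards that result, so the caller cannot tell a fully configured connection from the fallback one. If that fallback is meant only for fetching the first certificate, say so at the guard, e.g. `# No host/CA cert yet: leave the connection without cert store or CA file (bootstrap only).`, and consider a `Puppet.debug` line so this path shows up in logs. `FileTest.exist?` also proves only that the path exists, not that the file is readable or holds a valid certificate. `&&` would be the conventional operator here instead of `and`. The body of cert_setup continues outside the hunk.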
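Review bot: The comment `# JJM Configurable fix for #896.` in the third hunk does not say what the assigned setting controls, and after this change the raw setting value is passed straight to the http object. `enable_post_connection_check` appears to be the Net::HTTP switch for checking the server certificate against the host name after the handshake, so a comment such as `# Verify the server cert matches the host we connected to, unless disabled in config.` would help the next reader. If the setting can ever be a non-boolean, `!!Puppet[:http_enable_post_connection_check]` keeps the old strict true/false. The enclosing method starts and ends outside the hunk.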