| author | Nick Lewis <nick@puppetlabs.com> | 2011-04-12 10:46:12 -0700 |
|---|---|---|
| committer | Nick Lewis <nick@puppetlabs.com> | 2011-04-12 10:46:12 -0700 |
| commit | 665fabdb3e468d1ef38d689b9cb0d75b9d788f88 (patch) | |
| tree | 132493c5e8c01e240e34492ee5b06773e69ed906 /lib/puppet | |
| parent | dce851cac79393f86950f4ebfc48b9ac67dcd8f7 (diff) | |
| parent | cb01221a0f7221dba60bc23c5a0be2a70466bcdc (diff) | |
Merge branch 'ticket/next/3360' into next
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/defaults.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/indirector/certificate_request/ca.rb | 8 |
2 files changed, 10 insertions, 0 deletions
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 989ef3f35..76c40824c 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -353,6 +353,8 @@ module Puppet autosigns any key request, and is a very bad idea), false (which never autosigns any key request), and the path to a file, which uses that configuration file to determine which keys to sign."}, + :allow_duplicate_certs => [false, "Whether to allow a new certificate + request to overwrite an existing certificate."], :ca_days => ["", "How long a certificate should be valid. This parameter is deprecated, use ca_ttl instead"], :ca_ttl => ["5y", "The default TTL for new certificates; valid values diff --git a/lib/puppet/indirector/certificate_request/ca.rb b/lib/puppet/indirector/certificate_request/ca.rb index f4c924fe1..5d76ee52a 100644 --- a/lib/puppet/indirector/certificate_request/ca.rb +++ b/lib/puppet/indirector/certificate_request/ca.rb @@ -7,6 +7,14 @@ class Puppet::SSL::CertificateRequest::Ca < Puppet::Indirector::SslFile store_in :csrdir def save(request) + if host = Puppet::SSL::Host.indirection.find(request.key) + if Puppet[:allow_duplicate_certs] + Puppet.notice "#{request.key} already has a #{host.state} certificate; new certificate will overwrite it" + else + raise "#{request.key} already has a #{host.state} certificate; ignoring certificate request" + end + end + result = super Puppet.notice "#{request.key} has a waiting certificate request" result |
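Review bot: The description added for `:allow_duplicate_certs` in defaults.rb states what the setting does but not what enabling it exposes. Judging by the `save` change in certificate_request/ca.rb, setting it to true lets a request that reuses an existing certname replace that node's certificate. Together with the `autosign` setting described just above it, that replacement would presumably happen with no operator review. I would extend the text along the lines of `"Whether to allow a new certificate request to overwrite an existing certificate. Enabling this lets any client that can submit a request under an existing name replace that node's certificate; leave it false unless certificates are deliberately reissued."`.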
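Review bot: In the `else` branch of `save`, a refused duplicate request surfaces only as a bare `raise "..."`, which is a RuntimeError that callers cannot tell apart from any other failure. Unless the caller logs the exception (not visible here), the CA also keeps no record that someone re-requested an existing certname, which is an event worth alerting on. I would log before raising and use the project's own error class, e.g. `Puppet.warning "#{request.key} already has a #{host.state} certificate; ignoring certificate request"` followed by `raise Puppet::Error, "..."`, provided the request handler treats that class the same way. The overwrite branch could likewise log at `Puppet.warning` rather than `Puppet.notice`. Separately, the `find` check and the `super` write are two separate steps, so two simultaneous requests for a new name could both pass the check; a comment noting that limitation would help. The body of `save` continues past the end of the hunk.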
