author | Luke Kanies <luke@madstop.com> | 2008-05-05 17:16:03 -0500 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2008-05-05 17:16:03 -0500 |
commit | ce6d5787aaefc4c980e51c394328c2ddc2f7cb9c (patch) | |
tree | 5bc654caf5c6da1127fb93e081b1dcf99929695a /lib/puppet | |
parent | 67dc268fae0489de93f247b08fdaf7b1eec0e15d (diff) | |
The SSL::Host class now uses the CA to generate its certificate when appropriate.
It uses the CA singleton method to determine
whether it's on a valid CA host, and if so, uses
the CA instance to sign its generated CSR.
Diffstat (limited to 'lib/puppet')
-rw-r--r-- | lib/puppet/ssl/host.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb index e89f21676..09086e0fa 100644 --- a/lib/puppet/ssl/host.rb +++ b/lib/puppet/ssl/host.rb @@ -146,9 +146,12 @@ class Puppet::SSL::Host generate_key unless key generate_certificate_request unless certificate_request - # Now try to find our actual certificate; this should hopefully get - # the cert from the server and then cache it locally. - certificate() + # If we can get a CA instance, then we're a valid CA, and we + # should use it to sign our request; else, just try to read + # the cert. + if ! certificate() and ca = Puppet::SSL::CertificateAuthority.instance + ca.sign(self.name) + end end def initialize(name = nil) @@ -162,3 +165,5 @@ class Puppet::SSL::Host key.content.public_key end end + +require 'puppet/ssl/certificate_authority' |
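Review bot: In the first hunk (@@ -146,9 +146,12 @@) the method's last expression changes from `certificate()` to the `if` block, so it now returns nil whenever a certificate is already found or no CA instance is available, and the result of `ca.sign(self.name)` otherwise. Callers that used the old return value will see different behaviour; consider ending the method with an explicit `certificate()` after the `if`, which would also confirm that the freshly signed certificate can be read back. Also, on a CA host this signs whatever request is stored under `self.name` with no further check visible in these lines, so a comment stating that signing our own request by name is intended would help the next reader.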
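Review bot: The `require 'puppet/ssl/certificate_authority'` added in the second hunk (@@ -162,3 +165,5 @@) sits after the class's closing `end` with no comment saying why it is at the bottom of the file rather than the top. If the placement is there to avoid a load-order problem between the host and CA files, a one-line comment saying so would keep someone from moving it later.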