authorLuke Kanies <luke@madstop.com>2008-04-28 17:52:02 -0500
committerLuke Kanies <luke@madstop.com>2008-04-28 17:52:02 -0500
commit8c9b04d807b34ade704da3584b72d39bb129aa75 (patch)
treec76828f38c7c8d28f4b533d556e809d0bf3c1437 /lib
parent83519f4e59f68f867f8ddbe141ac8bd9a6238ae1 (diff)
downloadpuppet-8c9b04d807b34ade704da3584b72d39bb129aa75.tar.gz
puppet-8c9b04d807b34ade704da3584b72d39bb129aa75.tar.xz
puppet-8c9b04d807b34ade704da3584b72d39bb129aa75.zip
I think I've now got the Webrick SSL support working.
Now I just need to get xmlrpc working alongside REST in both mongrel and webrick.
Diffstat (limited to 'lib')
-rw-r--r--lib/puppet/defaults.rb11
-rw-r--r--lib/puppet/network/http/webrick.rb4
-rw-r--r--lib/puppet/ssl/certificate_authority.rb3
-rw-r--r--lib/puppet/util/settings.rb7
4 files changed, 20 insertions, 5 deletions
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index ff302e8db..cbf608cc2 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -166,6 +166,8 @@ module Puppet
If it's anything other than an empty string, it will be used as an alias in the created
certificate. By default, only the server gets an alias set up, and only for 'puppet'."],
:certdir => ["$ssldir/certs", "The certificate directory."],
+ :crl => [true, "Whether to use a certificate revocation list. If this is set to true and the CRL does not exist,
+ you will get a failure."],
:publickeydir => ["$ssldir/public_keys", "The public key directory."],
:requestdir => ["$ssldir/certificate_requests", "Where host certificate requests are stored."],
:privatekeydir => { :default => "$ssldir/private_keys",
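Review bot: The description added for `:crl` says what happens when the CRL file is missing, but not what switching the setting off means for certificate checking. With it set to false no revocation list is consulted (the CA's `crl` method later in this commit returns nil), so a certificate that has been revoked would presumably still be accepted. I would add a sentence to the description such as `Setting this to false means revoked certificates are not rejected.` The settings hash this entry belongs to starts and ends outside the hunk.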
@@ -236,7 +238,14 @@ module Puppet
:owner => "$user",
:group => "$group",
:mode => 0664,
- :desc => "The certificate revocation list (CRL) for the CA. Set this to 'false' if you do not want to use a CRL."
+ :desc => "The certificate revocation list (CRL) for the CA. You should now set 'crl' to false if you do not want to use a CRL.
+ Only set this to file path.",
+ :hook => proc do |value|
+ if value == 'false'
+ Puppet.warning "Setting the :cacrl to 'false' is deprecated; set :crl to false instead."
+ Puppet.settings[:crl] = false
+ end
+ end
},
:caprivatedir => { :default => "$cadir/private",
:owner => "$user",
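Review bot: The added hook reacts only to the exact string 'false' and leaves `:cacrl` itself holding that string. This entry carries owner, group and mode, so any code that still treats `:cacrl` as a path may end up handling a file named 'false'; whether the settings code guards against that is not visible in this diff. The last sentence of the new description should read `Only set this to a file path.` A comment above the hook, e.g. `# Backward compatibility: map the old 'false' sentinel onto the boolean :crl setting.`, would make the intent clear. The hash for this setting opens above the hunk.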
diff --git a/lib/puppet/network/http/webrick.rb b/lib/puppet/network/http/webrick.rb
index 8ccf974c6..2b3eace48 100644
--- a/lib/puppet/network/http/webrick.rb
+++ b/lib/puppet/network/http/webrick.rb
@@ -108,7 +108,7 @@ class Puppet::Network::HTTP::WEBrick
# LAK:NOTE I'm not sure why this is this way, actually.
results[:SSLCertName] = nil
- results[:SSLCertificateStore] = setup_ssl_store if Puppet[:cacrl] != 'false'
+ results[:SSLCertificateStore] = setup_ssl_store if Puppet[:hostcrl] != 'false'
results
end
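Review bot: The new guard tests `Puppet[:hostcrl] != 'false'` and never consults the `:crl` boolean this same commit introduces. With `crl = false` (including via the deprecated `cacrl = 'false'` hook) WEBrick would apparently still call `setup_ssl_store` and raise when no CRL is found. That fails closed, but it leaves two switches for one decision and keeps the string sentinel the commit is deprecating elsewhere; the error text in the next hunk has the same problem. If `:crl` is meant to be the single switch, the guard could be `results[:SSLCertificateStore] = setup_ssl_store if Puppet[:crl]` and the message `"Could not find CRL; set 'crl' to false to disable CRL usage"`. The definition of `:hostcrl` is not part of this diff, and the method starts outside the hunk.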
@@ -116,7 +116,7 @@ class Puppet::Network::HTTP::WEBrick
# Create our Certificate revocation list
def setup_ssl_store
unless crl = Puppet::SSL::CertificateRevocationList.find("ca")
- raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage"
+ raise Puppet::Error, "Could not find CRL; set 'hostcrl' to 'false' to disable CRL usage"
end
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_ANY
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 9b49c5420..42981424e 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -141,7 +141,7 @@ class Puppet::SSL::CertificateAuthority
def crl
unless defined?(@crl)
# The crl is disabled.
- if ["false", false].include?(Puppet[:cacrl])
+ unless Puppet[:crl]
@crl = nil
return @crl
end
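Review bot: The new `unless Puppet[:crl]` test relies on the settings layer returning a real boolean, whereas the removed check accepted both the string "false" and `false`. In Ruby the string "false" is truthy, so an uncoerced string would leave the CRL enabled; that is the safe direction, but it would surprise an operator who wrote `crl = false` in a config file. Whether the settings code coerces the value cannot be confirmed from this diff. I would replace the existing comment with `# :crl is a boolean setting; a legacy cacrl = 'false' is mapped onto it by the hook in defaults.rb.` The `crl` method continues past the hunk.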
@@ -149,6 +149,7 @@ class Puppet::SSL::CertificateAuthority
unless @crl = Puppet::SSL::CertificateRevocationList.find("whatever")
@crl = Puppet::SSL::CertificateRevocationList.new("whatever")
@crl.generate(host.certificate.content)
+ @crl.save
end
end
@crl
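Review bot: With the added `@crl.save`, a CA that cannot find its CRL now writes a freshly generated one to disk. That appears to contradict the new `:crl` description ("If this is set to true and the CRL does not exist, you will get a failure"). If the old file was lost rather than never created, it would also persist a list without the earlier revocations. Whether `find` returns nil only on a first run is not visible here. At minimum the regeneration should be logged, e.g. `Puppet.notice "No CRL found; generating and saving a new one"` before `@crl.generate`, so the event shows up in the CA's logs. The method starts above the hunk.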
diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb
index e595e2eea..65668f919 100644
--- a/lib/puppet/util/settings.rb
+++ b/lib/puppet/util/settings.rb
@@ -585,7 +585,12 @@ Generated on #{Time.now}.
catalog.host_config = false
catalog.apply do |transaction|
if failures = transaction.any_failed?
- raise "Could not configure for running; got %s failure(s)" % failures
+ # LAK:NOTE We should do something like this for some cases,
+ # since it can otherwise be hard to know what failed.
+ #transaction.report.logs.find_all { |log| log.level == :err }.each do |log|
+ # puts log.message
+ #end
+ raise "Could not configure myself; got %s failure(s)" % failures
end
end
end
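Review bot: The added block is checked in as commented-out code that would print with `puts`, and the `raise` still reports only a failure count, so the operator does not learn which resource failed. If those errors are not already logged elsewhere, enable the block through the logger, e.g. `transaction.report.logs.find_all { |log| log.level == :err }.each { |log| Puppet.err log.message }`. Otherwise drop it and keep only the LAK:NOTE as a TODO. The enclosing method starts outside the hunk.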