Feature #2839 - fingerprint certificate

This patch adds several things:
 * certificate fingerprinting in --list mode
 * a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
 * a --fingerprint puppetd option to display client certificates
 * each time a CSR is generated, its fingerprint is displayed in the log

It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.

Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>

1 files changed, 10 insertions, 1 deletions

diff --git a/sbin/puppetca b/sbin/puppetca
index 27ba916b5..eab594ba6 100755
--- a/sbin/puppetca
+++ b/sbin/puppetca
@@ -10,7 +10,8 @@
 #
 #   puppetca [-h|--help] [-V|--version] [-d|--debug] [-v|--verbose]
 #               [-g|--generate] [-l|--list] [-s|--sign] [-r|--revoke]
-#               [-p|--print] [-c|--clean] [--verify] [host]
+#               [-p|--print] [-c|--clean] [--verify] [--digest DIGEST]
+#               [--fingerprint] [host]
 #
 # = Description
 #
@@ -35,6 +36,11 @@
 #   Operate on all items.  Currently only makes sense with '--sign',
 #   '--clean', or '--list'.
 #
+# digest::
+#   Set the digest for fingerprinting (defaults to md5). Valid values depends
+#   on your openssl and openssl ruby extension version, but should contain at
+#   least md5, sha1, md2, sha256.
+#
 # clean::
 #    Remove all files related to a host from puppetca's storage. This is
 #    useful when rebuilding hosts, since new certificate signing requests
@@ -62,6 +68,9 @@
 # print::
 #   Print the full-text version of a host's certificate.
 #
+# fingerprint::
+#   Print the DIGEST (defaults to md5) fingerprint of a host's certificate.
+#
 # revoke::
 #   Revoke the certificate of a client. The certificate can be specified
 #   either by its serial number, given as a decimal number or a hexadecimal