diff options
| author | Markus Roberts <Markus@reality.com> | 2009-12-16 16:26:05 -0800 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2009-12-19 00:38:14 +1100 |
| commit | 0dc2dbafe65b59bfbb3ab66e26f595260bdde356 (patch) | |
| tree | 0747398fbfd6bf2da8bee74dc444845b11a18063 /spec/unit/util/autoload.rb | |
| parent | 03f37acaeb4c90d0256059fdc96f717077240811 (diff) | |
| download | puppet-0dc2dbafe65b59bfbb3ab66e26f595260bdde356.tar.gz puppet-0dc2dbafe65b59bfbb3ab66e26f595260bdde356.tar.xz puppet-0dc2dbafe65b59bfbb3ab66e26f595260bdde356.zip | |
Fix for #2890 (the cached certificates that would not die)
This patch implements the two-part suggestion from the ticket;
1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.
2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supercede any previously signed certificates.
In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:
* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.
Signed-off-by: Markus Roberts <Markus@reality.com>
Diffstat (limited to 'spec/unit/util/autoload.rb')
0 files changed, 0 insertions, 0 deletions