Fix #4226 - Prepend 'Puppet CA: ' to fqdn for default root ca_name

Having a root ca_name that matches the fqdn of the puppet master would
cause certificate lookup problems on some clients, resulting in failed SSL
negotiation.

Signed-off-by: Jacob Helwig <jacob@puppetlabs.com>

2 files changed, 13 insertions, 2 deletions

diff --git a/spec/integration/defaults_spec.rb b/spec/integration/defaults_spec.rb
index 4ae2983f4..1f90c7cbc 100755
--- a/spec/integration/defaults_spec.rb
+++ b/spec/integration/defaults_spec.rb
@@ -227,7 +227,7 @@ describe "Puppet defaults" do
 
   it "should have a :caname setting that defaults to the cert name" do
     Puppet.settings[:certname] = "foo"
-    Puppet.settings[:ca_name].should == "foo"
+    Puppet.settings[:ca_name].should == "Puppet CA: foo"
   end
 
   it "should have a 'prerun_command' that defaults to the empty string" do
diff --git a/spec/unit/sslcertificates/ca_spec.rb b/spec/unit/sslcertificates/ca_spec.rb
index aa7e25ff3..b1393b25d 100644
--- a/spec/unit/sslcertificates/ca_spec.rb
+++ b/spec/unit/sslcertificates/ca_spec.rb
@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
-
 require File.dirname(__FILE__) + '/../../spec_helper'
+
 require 'puppet'
 require 'puppet/sslcertificates'
 require 'puppet/sslcertificates/ca'
@@ -95,5 +95,16 @@ describe Puppet::SSLCertificates::CA do
     it 'should store the public key' do
       File.exists?(Puppet[:capub]).should be_true
     end
+
+    it 'should prepend "Puppet CA: " to the fqdn as the ca_name by default' do
+      host_mock_fact = mock()
+      host_mock_fact.expects(:value).returns('myhost')
+      domain_mock_fact = mock()
+      domain_mock_fact.expects(:value).returns('puppetlabs.lan')
+      Facter.stubs(:[]).with('hostname').returns(host_mock_fact)
+      Facter.stubs(:[]).with('domain').returns(domain_mock_fact)
+
+      @ca.mkrootcert.name.should == 'Puppet CA: myhost.puppetlabs.lan'
+    end
   end
 end