2 files changed, 36 insertions, 2 deletions

diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index e8a98e9b8..ccb405f64 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -128,7 +128,12 @@ class Puppet::SSL::Host
     def generate_key
         @key = Key.new(name)
         @key.generate
-        @key.save
+        begin
+            @key.save
+        rescue
+            @key = nil
+            raise
+        end
         true
     end
 
@@ -142,7 +147,13 @@ class Puppet::SSL::Host
         generate_key unless key
         @certificate_request = CertificateRequest.new(name)
         @certificate_request.generate(key.content)
-        @certificate_request.save
+        begin
+            @certificate_request.save
+        rescue
+            @certificate_request = nil
+            raise
+        end
+
         return true
     end
 
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb
index 0e06ae687..6a64daed7 100755
--- a/spec/unit/ssl/host.rb
+++ b/spec/unit/ssl/host.rb
@@ -267,6 +267,16 @@ describe Puppet::SSL::Host do
             @host.key.should equal(@key)
         end
 
+        it "should not retain keys that could not be saved" do
+            Puppet::SSL::Key.expects(:new).with("myname").returns(@key)
+
+            @key.stubs(:generate)
+            @key.expects(:save).raises "eh"
+
+            lambda { @host.generate_key }.should raise_error
+            @host.key.should be_nil
+        end
+
         it "should return any previously found key without requerying" do
             Puppet::SSL::Key.expects(:find).with("myname").returns(@key).once
             @host.key.should equal(@key)
@@ -323,6 +333,19 @@ describe Puppet::SSL::Host do
             @host.certificate_request.should equal(@request)
             @host.certificate_request.should equal(@request)
         end
+
+        it "should not keep its certificate request in memory if the request cannot be saved" do
+            Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request
+
+            key = stub 'key', :public_key => mock("public_key"), :content => "mycontent"
+            @host.stubs(:key).returns(key)
+            @request.stubs(:generate)
+            @request.expects(:save).raises "eh"
+
+            lambda { @host.generate_certificate_request }.should raise_error
+
+            @host.certificate_request.should be_nil
+        end
     end
 
     describe "when managing its certificate" do