-rw-r--r-- | lib/puppet/network/http_pool.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index 4789d4704..244f18b0d 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -58,6 +58,20 @@ module Puppet::Network::HttpPool
 http.cert = ssl_host.certificate.content
 http.verify_mode = OpenSSL::SSL::VERIFY_PEER
 http.key = ssl_host.key.content
+ if Puppet[:debug]
+ http.verify_callback = self.method(:ssl_verify_callback).to_proc
+ end
+ end
+
+ def self.ssl_verify_callback(peer_ok, x509_store_ctx)
+ if not peer_ok
+ Puppet.debug "OpenSSL: Error(#{x509_store_ctx.error}): #{x509_store_ctx.error_string}"
+ Puppet.debug "OpenSSL: Cert: #{x509_store_ctx.current_cert.issuer}"
+ Puppet.debug "OpenSSL: Current CRL: #{x509_store_ctx.current_crl}"
+ Puppet.debug "OpenSSL: Chain:"
+ x509_store_ctx.chain.each_index { |i| Puppet.debug "OpenSSL: \t#{i} #{x509_store_ctx.chain[i].issuer}" }
+ end
+ peer_ok
 end

 # Retrieve a cached http instance if caching is enabled, else return |
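Review bot: `ssl_verify_callback` logs only the issuer of `current_cert` and of each chain entry, so on a verification failure the debug output does not say which certificate was rejected or at what depth. Logging the subject and depth as well would make it usable for diagnosis, e.g. `Puppet.debug "OpenSSL: Cert: #{x509_store_ctx.current_cert.subject} (issuer #{x509_store_ctx.current_cert.issuer}, depth #{x509_store_ctx.error_depth})"`. The method should also carry a comment stating that it is diagnostic only and must return `peer_ok` unchanged, since that return value is what decides whether the peer is accepted under `VERIFY_PEER`; something like `# Diagnostic only: never alter peer_ok, it is the verification verdict.` would do. The first added lines sit at the end of a method whose start is outside the hunk.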