| -rw-r--r-- | lib/puppet/network/client/ca.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/network/http_pool.rb | 2 | ||||
| -rw-r--r-- | lib/puppet/network/xmlrpc/client.rb | 3 | ||||
| -rwxr-xr-x | spec/integration/ssl/certificate_request.rb | 10 | ||||
| -rwxr-xr-x | spec/integration/ssl/host.rb | 13 | ||||
| -rw-r--r-- | spec/unit/network/http/webrick.rb | 1 | ||||
| -rwxr-xr-x | spec/unit/network/http_pool.rb | 13 |
7 files changed, 35 insertions, 9 deletions
diff --git a/lib/puppet/network/client/ca.rb b/lib/puppet/network/client/ca.rb index a2704e451..5fbdfe9e3 100644 --- a/lib/puppet/network/client/ca.rb +++ b/lib/puppet/network/client/ca.rb @@ -45,7 +45,7 @@ class Puppet::Network::Client::CA < Puppet::Network::Client end unless @cert.check_private_key(key) - raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Facter.value(:fqdn) + raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Puppet[:certname] end # Only write the cert out if it passes validating. diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb index 9dd4a576a..24cbee656 100644 --- a/lib/puppet/network/http_pool.rb +++ b/lib/puppet/network/http_pool.rb @@ -50,7 +50,7 @@ module Puppet::Network::HttpPool # Use cert information from a Puppet client to set up the http object. def self.cert_setup(http) # Just no-op if we don't have certs. - return false unless ssl_host.certificate + return false unless FileTest.exist?(Puppet[:hostcert]) # ssl_host.certificate http.cert_store = ssl_host.ssl_store http.ca_file = Puppet[:localcacert] diff --git a/lib/puppet/network/xmlrpc/client.rb b/lib/puppet/network/xmlrpc/client.rb index e0fb5a0ab..dfd4a95a7 100644 --- a/lib/puppet/network/xmlrpc/client.rb +++ b/lib/puppet/network/xmlrpc/client.rb @@ -51,7 +51,8 @@ module Puppet::Network end ["certificate verify failed", "hostname was not match", "hostname not match"].each do |str| if detail.message.include?(str) - Puppet.warning "Certificate validation failed; considering using the certname configuration option" + Puppet.warning "Certificate validation failed; consider using the certname configuration option" + break end end raise XMLRPCClientError, diff --git a/spec/integration/ssl/certificate_request.rb b/spec/integration/ssl/certificate_request.rb index d3567bcce..01b1f4a29 100755 --- a/spec/integration/ssl/certificate_request.rb 
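Review bot: In `cert_setup` (lib/puppet/network/http_pool.rb) the new guard `FileTest.exist?(Puppet[:hostcert])` only shows that a path exists, not that `ssl_host` can load a usable certificate from it. The trailing `# ssl_host.certificate` keeps the old condition as a leftover without saying why it was replaced. The method continues outside the hunk; if a later line dereferences `ssl_host.certificate`, an empty or unreadable file would presumably raise on nil instead of giving the quiet no-op that the "Just no-op" comment promises. I would replace the leftover with a why-comment, for example `# Only the file on disk is checked here; ssl_host.certificate is deliberately not called.` (wording to be confirmed by the author), and check that the later assignments tolerate a certificate that fails to load.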
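Review bot: The warning in lib/puppet/network/xmlrpc/client.rb gives the same certname advice for all three matched strings. "certificate verify failed" reads like a chain or trust failure rather than a name mismatch, so the hint can steer an operator towards reconfiguring instead of checking which certificate the peer presented. Consider keeping the certname hint for the two hostname strings and reporting the verify failure with its detail, for example `Puppet.warning "Certificate validation failed: %s" % detail.message`. The enclosing block starts and ends outside the hunk, so whether the raised `XMLRPCClientError` already carries that detail is not visible here.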
+++ b/spec/integration/ssl/certificate_request.rb @@ -8,13 +8,17 @@ require File.dirname(__FILE__) + '/../../spec_helper' require 'puppet/ssl/certificate_request' require 'tempfile' -describe Puppet::SSL::Host do +describe Puppet::SSL::CertificateRequest do before do # Get a safe temporary file file = Tempfile.new("csr_integration_testing") @dir = file.path file.delete + Puppet.settings.clear + # This is necessary so the terminus instances don't lie around. + Puppet::SSL::CertificateRequest.indirection.clear_cache + Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir @@ -23,13 +27,13 @@ describe Puppet::SSL::Host do @key = OpenSSL::PKey::RSA.new(512) end - after { + after do system("rm -rf %s" % @dir) Puppet.settings.clear # This is necessary so the terminus instances don't lie around. Puppet::SSL::CertificateRequest.indirection.clear_cache - } + end it "should be able to generate CSRs" do @csr.generate(@key) diff --git a/spec/integration/ssl/host.rb b/spec/integration/ssl/host.rb index e8fd89364..5e457bded 100755 --- a/spec/integration/ssl/host.rb +++ b/spec/integration/ssl/host.rb @@ -18,10 +18,15 @@ describe Puppet::SSL::Host do Puppet.settings[:confdir] = @dir Puppet.settings[:vardir] = @dir + Puppet::SSL::Host.ca_location = :local + @host = Puppet::SSL::Host.new("luke.madstop.com") + @ca = Puppet::SSL::CertificateAuthority.new end after { + Puppet::SSL::Host.ca_location = :none + system("rm -rf %s" % @dir) Puppet.settings.clear @@ -77,4 +82,12 @@ describe Puppet::SSL::Host do FileTest.should_not be_exist(File.join(Puppet[:privatekeydir], "ca.pem")) end end + + it "should pass the verification of its own SSL store" do + @host.generate + @ca = Puppet::SSL::CertificateAuthority.new + @ca.sign(@host.name) + + @host.ssl_store.verify(@host.certificate.content).should be_true + end end diff --git a/spec/unit/network/http/webrick.rb b/spec/unit/network/http/webrick.rb index 58b0d9a3d..11b74ec3a 100644 --- a/spec/unit/network/http/webrick.rb 
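Review bot: The new example "should pass the verification of its own SSL store" in spec/integration/ssl/host.rb checks acceptance only, so a store that trusted every certificate would pass it as well. A companion example that presents a certificate not signed by this CA and asserts `@host.ssl_store.verify(other_cert).should be_false` (`other_cert` is a constructed name) would pin the property that matters for the store. The `@ca = Puppet::SSL::CertificateAuthority.new` line inside the example appears to repeat what the `before` block in the first hunk now sets, and can probably be dropped.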
+++ b/spec/unit/network/http/webrick.rb @@ -61,7 +61,6 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do @server.expects(:setup_logger).returns(:Logger => :mylogger) WEBrick::HTTPServer.expects(:new).with {|args| - p args args[:Logger] == :mylogger }.returns(@mock_webrick) diff --git a/spec/unit/network/http_pool.rb b/spec/unit/network/http_pool.rb index b8f087650..1f519637b 100755 --- a/spec/unit/network/http_pool.rb +++ b/spec/unit/network/http_pool.rb @@ -170,11 +170,17 @@ describe Puppet::Network::HttpPool do @key = stub 'key', :content => "real_key" @host = stub 'host', :certificate => @cert, :key => @key, :ssl_store => @store + Puppet[:confdir] = "/sometthing/else" + Puppet.settings.stubs(:value).returns "/some/file" + Puppet.settings.stubs(:value).with(:hostcert).returns "/host/cert" + + FileTest.stubs(:exist?).with("/host/cert").returns true + Puppet::Network::HttpPool.stubs(:ssl_host).returns @host end - it "should do nothing if no certificate is available" do - @host.expects(:certificate).returns nil + it "should do nothing if no certificate is on disk" do + FileTest.expects(:exist?).with("/host/cert").returns false @http.expects(:cert=).never Puppet::Network::HttpPool.cert_setup(@http) end @@ -204,6 +210,9 @@ describe Puppet::Network::HttpPool do end it "should set the ca file" do + Puppet.settings.stubs(:value).returns "/some/file" + FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns true + Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file" @http.expects(:ca_file=).with("/ca/cert/file") |
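Review bot: In spec/unit/network/http_pool.rb the rewritten example "should do nothing if no certificate is on disk" still asserts only `@http.expects(:cert=).never`. The guard it covers returns before `http.cert_store` and `http.ca_file` are assigned too, so adding `@http.expects(:cert_store=).never` and `@http.expects(:ca_file=).never` would make the example cover the whole no-op. The `before` block also sets `Puppet[:confdir] = "/sometthing/else"` (note the typo) and then stubs `Puppet.settings.value` for every key. The assignment therefore looks to have no effect on what the examples read, and it is not reset in the visible lines.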
