-rw-r--r--lib/puppet/application/puppetd.rb7
-rw-r--r--lib/puppet/network/http_server/webrick.rb5
-rw-r--r--lib/puppet/ssl/certificate_revocation_list.rb2
-rw-r--r--lib/puppet/sslcertificates/ca.rb5
-rwxr-xr-xspec/unit/application/puppetd.rb8
-rwxr-xr-xspec/unit/ssl/certificate_revocation_list.rb12
6 files changed, 1 insertions, 38 deletions
diff --git a/lib/puppet/application/puppetd.rb b/lib/puppet/application/puppetd.rb
index 26c9f825e..56aaf9370 100644
--- a/lib/puppet/application/puppetd.rb
+++ b/lib/puppet/application/puppetd.rb
@@ -160,13 +160,6 @@ Puppet::Application.new(:puppetd) do
exit(14)
end
- # FIXME: we should really figure out how to distribute the CRL
- # to clients. In the meantime, we just disable CRL checking if
- # the CRL file doesn't exist
- unless File::exist?(Puppet[:cacrl])
- Puppet[:cacrl] = nil
- end
-
handlers = nil
if options[:serve].empty?
diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/network/http_server/webrick.rb
index a863d3a20..2dae9ccd8 100644
--- a/lib/puppet/network/http_server/webrick.rb
+++ b/lib/puppet/network/http_server/webrick.rb
@@ -21,13 +21,10 @@ module Puppet
# with them, with flags appropriate for checking client
# certificates for revocation
def x509store
- if Puppet[:cacrl] == 'false'
+ unless File.exist?(Puppet[:cacrl])
# No CRL, no store needed
return nil
end
- unless File.exist?(Puppet[:cacrl])
- raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage"
- end
crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
store = OpenSSL::X509::Store.new
store.purpose = OpenSSL::X509::PURPOSE_ANY
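Review bot: The rewritten guard at the top of x509store fails open: when the file named by Puppet[:cacrl] is absent the method returns nil without logging anything, where the removed lines raised Puppet::Error, so a deleted, misplaced or mistyped CRL path silently turns off revocation checking for client certificates. At minimum log before returning, e.g. `Puppet.warning "CRL file #{Puppet[:cacrl]} not found; client certificate revocation checking is disabled"`, and reword the `# No CRL, no store needed` comment to say that a missing CRL is tolerated on purpose. The guard also hands Puppet[:cacrl] straight to File.exist?, which raises TypeError for nil or a boolean false, so a configuration that still carries such a value would presumably fail here with an unhelpful error; a check such as `path.is_a?(String)` ahead of it would make that explicit. The diffstat lists no spec for the webrick change, and x509store's body continues past the end of this hunk.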
diff --git a/lib/puppet/ssl/certificate_revocation_list.rb b/lib/puppet/ssl/certificate_revocation_list.rb
index f3c1a348a..c725bde48 100644
--- a/lib/puppet/ssl/certificate_revocation_list.rb
+++ b/lib/puppet/ssl/certificate_revocation_list.rb
@@ -46,8 +46,6 @@ class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base
# The name doesn't actually matter; there's only one CRL.
# We just need the name so our Indirector stuff all works more easily.
def initialize(fakename)
- raise Puppet::Error, "Cannot manage the CRL when :cacrl is set to false" if [false, "false"].include?(Puppet[:cacrl])
-
@name = "crl"
end
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index b0bcdb612..b5a246969 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -194,9 +194,6 @@ class Puppet::SSLCertificates::CA
# Revoke the certificate with serial number SERIAL issued by this
# CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
- if @config[:cacrl] == 'false'
- raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'false'"
- end
time = Time.now
revoked = OpenSSL::X509::Revoked.new
revoked.serial = serial
@@ -344,8 +341,6 @@ class Puppet::SSLCertificates::CA
@crl = OpenSSL::X509::CRL.new(
File.read(@config[:cacrl])
)
- elsif @config[:cacrl] == 'false'
- @crl = nil
else
# Create new CRL
@crl = OpenSSL::X509::CRL.new
diff --git a/spec/unit/application/puppetd.rb b/spec/unit/application/puppetd.rb
index 19dfaf3e0..e5a51675d 100755
--- a/spec/unit/application/puppetd.rb
+++ b/spec/unit/application/puppetd.rb
@@ -407,14 +407,6 @@ describe "puppetd" do
@puppetd.setup_listen
end
- it "should set :cacrl to nil if no cacrl file" do
- Puppet.expects(:[]).with(:cacrl).returns('cacrl')
- File.expects(:exist?).with('cacrl').returns(false)
- Puppet.expects(:[]=).with(:cacrl,nil)
-
- @puppetd.setup_listen
- end
-
it "should create a server to listen on at least the Runner handler" do
Puppet::Network::Server.expects(:new).with { |args| args[:xmlrpc_handlers] == [:Runner] }
diff --git a/spec/unit/ssl/certificate_revocation_list.rb b/spec/unit/ssl/certificate_revocation_list.rb
index eb25268e6..3d15db78b 100755
--- a/spec/unit/ssl/certificate_revocation_list.rb
+++ b/spec/unit/ssl/certificate_revocation_list.rb
@@ -46,18 +46,6 @@ describe Puppet::SSL::CertificateRevocationList do
end
end
- describe "when initializing" do
- it "should fail if :cacrl is set to false" do
- Puppet.settings.expects(:value).with(:cacrl).returns false
- lambda { @class.new("crl") }.should raise_error(Puppet::Error)
- end
-
- it "should fail if :cacrl is set to the string 'false'" do
- Puppet.settings.expects(:value).with(:cacrl).returns "false"
- lambda { @class.new("crl") }.should raise_error(Puppet::Error)
- end
- end
-
describe "when generating the crl" do
before do
@real_crl = mock 'crl'