Diffstat (limited to 'lib/puppet/ssl')
-rw-r--r-- | lib/puppet/ssl/host.rb | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index a65490c40..acd27edb6 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -167,14 +167,27 @@ class Puppet::SSL::Host
 
 def certificate
 unless @certificate
+ generate_key unless key
+
 # get the CA cert first, since it's required for the normal cert
 # to be of any use.
 return nil unless Certificate.find("ca") unless ca?
- @certificate = Certificate.find(name)
+ return nil unless @certificate = Certificate.find(name)
+
+ unless certificate_matches_key?
+ raise Puppet::Error, "Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key"
+ end
 end
 @certificate
 end
 
+ def certificate_matches_key?
+ return false unless key
+ return false unless certificate
+
+ return certificate.content.check_private_key(key.content)
+ end
+
 # Generate all necessary parts of our ssl host.
 def generate
 generate_key unless key |
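Review bot: On a mismatch the `raise Puppet::Error` in `certificate` fires after `@certificate` has already been set by `return nil unless @certificate = Certificate.find(name)`, so the rejected certificate stays memoized on the host object. A later call to `certificate` on the same instance skips the whole `unless @certificate` block and returns that certificate without running `certificate_matches_key?` again, so any caller that rescues the error and retries gets the mismatched certificate back. Clear the ivar before raising, e.g. add `@certificate = nil` on the line before the `raise`, so the check fails closed on every call. Whether the `Certificate.find` layer also caches the retrieved certificate is not visible in this hunk; if it does, that copy would need the same treatment. A short comment on `certificate_matches_key?` would also help, e.g. `# True only when both key and certificate exist and the certificate's public key pairs with our private key.`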