diff options
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/defaults.rb | 1 | ||||
| -rw-r--r-- | lib/puppet/ssl/certificate_request.rb | 7 |
2 files changed, 7 insertions, 1 deletions
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 4924f2ced..ef194bc31 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -284,6 +284,7 @@ module Puppet ) setdefaults(:ca, + :ca_name => ["$certname", "The name to use the Certificate Authority certificate."], :cadir => { :default => "$ssldir/ca", :owner => "service", :group => "service", diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb index 6a0464a33..4008ababe 100644 --- a/lib/puppet/ssl/certificate_request.rb +++ b/lib/puppet/ssl/certificate_request.rb @@ -29,9 +29,14 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base # Support either an actual SSL key, or a Puppet key. key = key.content if key.is_a?(Puppet::SSL::Key) + # If we're a CSR for the CA, then use the real certname, rather than the + # fake 'ca' name. This is mostly for backward compatibility with 0.24.x, + # but it's also just a good idea. + common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name + csr = OpenSSL::X509::Request.new csr.version = 0 - csr.subject = OpenSSL::X509::Name.new([["CN", name]]) + csr.subject = OpenSSL::X509::Name.new([["CN", common_name]]) csr.public_key = key.public_key csr.sign(key, OpenSSL::Digest::MD5.new) |