Commit message

This is related to #1215.

some doco fixes

It was trying to use arguments but they were never actually
set.

This provides a single, global bit for determining whether
a given piece of cached data is still valid.

I keep having issues with integration tests keeping
cached values around, and this module should hopefully
give us a single place to invalidate all caches, thus
making testing this much easier.

The HttpPool module now removes its cached ssl_host instance
when clearing its cache. This is really only useful
for testing, but it correctly causes the pool to use
new certificates when they're available.

Previously, you had to configure whether you wanted the CRL or not,
which resulted in errors all the time when it was configured but
unavailable.
Now, Puppet will always create and try to use it, but you won't
get failures if it's unavailable.

The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.

class.

We can't have the HttpPool class use the Indirector to see
if it has a cert available, because it might be being used to
try to download one, which would cause it to make an http instance,
which would cause it to... Well, you get the idea.
Adding and fixing a few other tests I ran into on the way.

Now the CSR class triggers autosigning when any CSR is
saved, if it's running on a CA host.

...as far as I can tell. The client, however, is broken,
since it used the old http_pool/ssl_support stuff, which
no longer works.
I have to port puppetd over to using the new ssl stuff,
then I'll at least be able to verify that the master can
still speak xmlrpc.

I don't think the whole thing is done, but at least the
basic flows are in place. Now it's just a question of
doing real-world tests and fleshing out the unit tests
as necessary.

SSL code.

This requires less setup and configuration on the part of the user.

This makes it so that if you, for instance, reset the vardir,
then the next time an initialization call is made, we reuse
any previously used sections, thus (hopefully) correctly
creating any newly needed directories.
This is mostly helpful during testing.

defaults section, rather than the puppetd section.

It uses an instance of SSL::Host for getting its certificate
and ssl store.

These were still writing to ~.

responsibilities to the SSL::Host class.
I was previously saving invalid CRLs unless they'd had a revocation
done in them; this commit fixes them so that they're always valid.
Also, I've added to SSL::Host the ability to generate a valid
SSL Store, suitable for validation. This is now used by
Webrick and can be used by the http clients, too.
This should have been two commits, but I'm kind of down the
rabbit hole ATM.

appropriate.
It uses the CA singleton method to determine
whether it's on a valid CA host, and if so, uses
the CA instance to sign its generated CSR.

I realized that it never made sense to have a CA
that didn't know how to initialize itself, so we
now have a singleton method for the CA, and it also
automatically initializes itself.

The code is much cleaner, and it seems to be mostly
functional, but we have to pick a strategy for signing
the host's certificate on first startup. Also, I haven't
actually done end-to-end testing yet, which needs the certs
working first.

This provides the backward compatibility for webrick,
and only Mongrel is left.

This provides the interface for configuring backward compatibility
in the new-style server code. It requires a completely different
configuration step, in that REST and xmlrpc handlers are configured
separately, rather than using the same handler names, but this was
considered less evil than having a large abstraction layer for specifying
how the handlers are related.

Now I just need to get xmlrpc working alongside REST in
both mongrel and webrick.

Conflicts:
bin/puppetca