summaryrefslogtreecommitdiffstats
path: root/lib/puppet/ssl/certificate.rb
Commit message (Collapse)AuthorAgeFilesLines
* Fix for #2890 (the cached certificates that would not die)Markus Roberts2009-12-191-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | This patch implements the two-part suggestion from the ticket; 1) a client that receives a certificate that doesn't match its current private key does not accept, store or use the certificate--instead it removes any locally cached copies and acts as if the certificate had never been found. 2) a puppetmaster that receives a csr from a client for whom it already has a signed certificate now honors the request and considers it to supercede any previously signed certificates. In order to make the cache expiration work as expected, I changed a few assumptions in the caching system: * The expiration of a cached certificate is the earlier of the envelope expiration and the certificate's expiration, as opposed to just overriding the cache value * Telling the cache to expire an item now removes it from the cache if possible, rather than just setting an expiration date in the past and hoping that somebody notices. Signed-off-by: Markus Roberts <Markus@reality.com>
* Certificates now work over REST.Luke Kanies2008-08-071-1/+10
| | | | | | | | | All of the format work is done, they all support plaintext successfully, and I've got integration tests that demonstrate that it actually works. Signed-off-by: Luke Kanies <luke@madstop.com>
* Making all certificates only support the plaintext format.Luke Kanies2008-08-041-0/+6
| | | | | | | None of them actually support yaml or marshal by default, and plaintext is easiest anyway. Signed-off-by: Luke Kanies <luke@madstop.com>
* Setting the expiration date of certificate objects to the expiry of the actualLuke Kanies2008-04-171-0/+5
| | | | cert.
* Adding SSL::Host-level support for managing the terminus andLuke Kanies2008-04-171-16/+1
| | | | | cache classes. Also, defaulting to the :file terminus for all of the SSL classes.
* Making the first pass at using requests instead ofLuke Kanies2008-04-151-22/+6
| | | | | specifying the terminus class. The individual ssl classes now work, but the ssl host class doesn't yet.
* It looks like all of the new ssl classes for managingLuke Kanies2008-04-151-3/+34
| | | | | | | keys, certificates, and requests now work, including talking to the certificate authority. Now we just need the authority itself, along with the necessary REST terminii.
* Adding he last of the indirection classes for the sslLuke Kanies2008-04-151-3/+2
| | | | classes, finally including the certificate requests.
* The basics for the certificate and certificate requestLuke Kanies2008-04-151-9/+5
| | | | | indirection terminii are done. I need to move most of the test code to a shared behaviour now.
* The new SSL classes basically work, but they're notLuke Kanies2008-04-151-0/+19
functionally connected to any kind of indirection.
generated by cgit (git 2.34.1) at 2025-09-25 15:29:15 +0000