From 330359015602eba83077fccaa708c819d2d78b53 Mon Sep 17 00:00:00 2001
From: Luke Kanies <luke@madstop.com>
Date: Wed, 7 May 2008 12:29:58 -0500
Subject: The master and client now successfully speak xmlrpc using the new
 system.

The server is actually serving REST, but the client can't use
it until we resolve the format and security issues that REST
hasn't yet tackled.
---
 lib/puppet/ssl/certificate_authority.rb | 21 ++++++++++++++++-----
 lib/puppet/ssl/certificate_factory.rb   |  2 +-
 2 files changed, 17 insertions(+), 6 deletions(-)

(limited to 'lib/puppet/ssl')

diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index 0329f5354..5054c1dbe 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -16,11 +16,16 @@ class Puppet::SSL::CertificateAuthority
 
     require 'puppet/ssl/certificate_authority/interface'
 
+    def self.ca?
+        return false unless Puppet[:ca]
+        return false unless Puppet[:name] == "puppetmasterd"
+        return true
+    end
+
     # If this process can function as a CA, then return a singleton
     # instance.
     def self.instance
-        return nil unless Puppet[:ca]
-        return nil unless Puppet[:name] == "puppetmasterd"
+        return nil unless ca?
 
         unless defined?(@instance) and @instance
             @instance = new
@@ -177,11 +182,17 @@ class Puppet::SSL::CertificateAuthority
     # file so this one is considered used.
     def next_serial
         serial = nil
+
+        # This is slightly odd.  If the file doesn't exist, our readwritelock creates
+        # it, but with a mode we can't actually read in some cases.  So, use
+        # a default before the lock.
+        unless FileTest.exist?(Puppet[:serial])
+            serial = 0x0
+        end
+
         Puppet.settings.readwritelock(:serial) { |f|
             if FileTest.exist?(Puppet[:serial])
-                serial = File.read(Puppet.settings[:serial]).chomp.hex
-            else
-                serial = 0x0
+                serial ||= File.read(Puppet.settings[:serial]).chomp.hex
             end
 
             # We store the next valid serial, not the one we just used.
diff --git a/lib/puppet/ssl/certificate_factory.rb b/lib/puppet/ssl/certificate_factory.rb
index 4b1669804..41155fd41 100644
--- a/lib/puppet/ssl/certificate_factory.rb
+++ b/lib/puppet/ssl/certificate_factory.rb
@@ -115,7 +115,7 @@ class Puppet::SSL::CertificateFactory
         dnsnames = Puppet[:certdnsnames]
         name = @name.to_s.sub(%r{/CN=},'')
         if dnsnames != ""
-            dnsnames.split(':').each { |d| subject_alt_name << 'DNS:' + d }
+            dnsnames.split(':').each { |d| @subject_alt_name << 'DNS:' + d }
             @subject_alt_name << 'DNS:' + name # Add the fqdn as an alias
         elsif name == Facter.value(:fqdn) # we're a CA server, and thus probably the server
             @subject_alt_name << 'DNS:' + "puppet" # Add 'puppet' as an alias
-- 
cgit