From b293763f9ef2e134f18bb2c3fdaaaa502aa2c201 Mon Sep 17 00:00:00 2001
From: Luke Kanies <luke@madstop.com>
Date: Thu, 7 Feb 2008 15:34:30 -0600
Subject: Applying patch by Jay to fix #989 -- missing crl files are correctly
 ignored, and you now use 'false' instead of 'none' to explicitly ignore them.

---
 lib/puppet/defaults.rb                    | 2 +-
 lib/puppet/network/http_server/webrick.rb | 4 ++--
 lib/puppet/sslcertificates/ca.rb          | 6 +++---
 lib/puppet/util/settings.rb               | 2 +-
 4 files changed, 7 insertions(+), 7 deletions(-)

(limited to 'lib')

diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 0c8ac3f82..520a18d1a 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -232,7 +232,7 @@ module Puppet
             :owner => "$user",
             :group => "$group",
             :mode => 0664,
-            :desc => "The certificate revocation list (CRL) for the CA. Set this to 'none' if you do not want to use a CRL."
+            :desc => "The certificate revocation list (CRL) for the CA. Set this to 'false' if you do not want to use a CRL."
         },
         :caprivatedir => { :default => "$cadir/private",
             :owner => "$user",
diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/network/http_server/webrick.rb
index 3c9f72e17..e4f00dd73 100644
--- a/lib/puppet/network/http_server/webrick.rb
+++ b/lib/puppet/network/http_server/webrick.rb
@@ -22,12 +22,12 @@ module Puppet
             # with them, with flags appropriate for checking client 
             # certificates for revocation
             def x509store
-                if Puppet[:cacrl] == 'none'
+                if Puppet[:cacrl] == 'false'
                     # No CRL, no store needed
                     return nil
                 end
                 unless File.exist?(Puppet[:cacrl])
-                    raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'none' to disable CRL usage"
+                    raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage"
                 end
                 crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl]))
                 store = OpenSSL::X509::Store.new
diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb
index a3edd2cb4..888bcf5b2 100644
--- a/lib/puppet/sslcertificates/ca.rb
+++ b/lib/puppet/sslcertificates/ca.rb
@@ -194,8 +194,8 @@ class Puppet::SSLCertificates::CA
     # Revoke the certificate with serial number SERIAL issued by this
     # CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons
     def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE)
-        if @config[:cacrl] == 'none'
-            raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'none'"
+        if @config[:cacrl] == 'false'
+            raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'false'"
         end
         time = Time.now
         revoked = OpenSSL::X509::Revoked.new
@@ -372,7 +372,7 @@ class Puppet::SSLCertificates::CA
             @crl = OpenSSL::X509::CRL.new(
                 File.read(@config[:cacrl])
             )
-        elsif @config[:cacrl] == 'none'
+        elsif @config[:cacrl] == 'false'
             @crl = nil
         else
             # Create new CRL
diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb
index c84a5bfb1..cf15d3194 100644
--- a/lib/puppet/util/settings.rb
+++ b/lib/puppet/util/settings.rb
@@ -1124,7 +1124,7 @@ Generated on #{Time.now}.
         # the variable 'dir', or adding a slash at the end.
         def munge(value)
             # If it's not a fully qualified path...
-            if value.is_a?(String) and value !~ /^\$/ and value !~ /^\//
+            if value.is_a?(String) and value !~ /^\$/ and value !~ /^\// and value != 'false'
                 # Make it one
                 value = File.join(Dir.getwd, value)
             end
-- 
cgit