From 66cf3a925b4b6d9b40cbdf95f2be6575bb05a881 Mon Sep 17 00:00:00 2001 From: Jacob Helwig Date: Tue, 21 Sep 2010 14:01:15 -0700 Subject: Fix #4226 - Prepend 'Puppet CA: ' to fqdn for default root ca_name Having a root ca_name that matches the fqdn of the puppet master would cause certificate lookup problems on some clients, resulting in failed SSL negotiation. Signed-off-by: Jacob Helwig --- spec/integration/defaults_spec.rb | 2 +- spec/unit/sslcertificates/ca_spec.rb | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) (limited to 'spec') diff --git a/spec/integration/defaults_spec.rb b/spec/integration/defaults_spec.rb index 4ae2983f4..1f90c7cbc 100755 --- a/spec/integration/defaults_spec.rb +++ b/spec/integration/defaults_spec.rb @@ -227,7 +227,7 @@ describe "Puppet defaults" do it "should have a :caname setting that defaults to the cert name" do Puppet.settings[:certname] = "foo" - Puppet.settings[:ca_name].should == "foo" + Puppet.settings[:ca_name].should == "Puppet CA: foo" end it "should have a 'prerun_command' that defaults to the empty string" do diff --git a/spec/unit/sslcertificates/ca_spec.rb b/spec/unit/sslcertificates/ca_spec.rb index aa7e25ff3..b1393b25d 100644 --- a/spec/unit/sslcertificates/ca_spec.rb +++ b/spec/unit/sslcertificates/ca_spec.rb @@ -1,6 +1,6 @@ #!/usr/bin/env ruby - require File.dirname(__FILE__) + '/../../spec_helper' + require 'puppet' require 'puppet/sslcertificates' require 'puppet/sslcertificates/ca' @@ -95,5 +95,16 @@ describe Puppet::SSLCertificates::CA do it 'should store the public key' do File.exists?(Puppet[:capub]).should be_true end + + it 'should prepend "Puppet CA: " to the fqdn as the ca_name by default' do + host_mock_fact = mock() + host_mock_fact.expects(:value).returns('myhost') + domain_mock_fact = mock() + domain_mock_fact.expects(:value).returns('puppetlabs.lan') + Facter.stubs(:[]).with('hostname').returns(host_mock_fact) + Facter.stubs(:[]).with('domain').returns(domain_mock_fact) + + @ca.mkrootcert.name.should == 'Puppet CA: myhost.puppetlabs.lan' + end end end -- cgit