Puppet: System Administration Automated

Ticket #942 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

handling of certdnsnames broken

Reported by: DavidS
Assigned to: community
Priority: high
Milestone: misspiggy
Component: server
Version:
Severity: critical
Keywords:
Cc:
Triage Stage: Ready for checkin
Attached Patches:
Code Complexity: Trivial

Description

certdnsnames in current HEAD is "*:*.*:*.*.*:*.*.*.*:*.*.*.*.*:*.*.*.*.*.*". lib/puppet/sslcertificates.rb converts this on line 64 to the subjectAltName "DNS:*:, DNS:*.*:, DNS:*.*.*:, DNS:*.*.*.*:, DNS:*.*.*.*.*:, DNS:*.*.*.*.*.*", which has a few ":" too many. To fix this, apply this small patch:

diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb
index 1139db0..e9d5441 100755
--- a/lib/puppet/sslcertificates.rb
+++ b/lib/puppet/sslcertificates.rb
@@ -61,7 +61,7 @@ module Puppet::SSLCertificates
             key_usage = %w{cRLSign keyCertSign}
         when :server:
             basic_constraint = "CA:FALSE"
-            hash[:dnsnames].each(':') { |d| subject_alt_name << 'DNS:' + d } if hash[:dnsnames]
+            hash[:dnsnames].split(':').each { |d| subject_alt_name << 'DNS:' + d } if hash[:dnsnames]
             key_usage = %w{digitalSignature keyEncipherment}
             ext_key_usage = %w{serverAuth clientAuth}
         when :ocsp:
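
Review bot: On the added `split(':')` line, empty or whitespace-padded segments still pass straight through: a doubled or leading colon in `hash[:dnsnames]` yields an empty string and therefore a bare `DNS:` entry in the subjectAltName. Consider stripping each name and dropping empty ones before appending, for example `hash[:dnsnames].split(':').map { |d| d.strip }.reject { |d| d.empty? }.each { ... }`. A test asserting the exact subjectAltName produced for a multi-name value would also catch a separator regression like the one this line fixes.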

I know there is a better fix for this whole SSL mess in the queue at #896, but this patch is needed to create a working CA on current HEAD ([8eecbe54c96cec0de492e7ae77211637b65057e8]).

Change History

12/03/07 11:45:19 changed by DavidS

  • priority changed from normal to high.
  • complexity changed from Unknown to Trivial.
  • stage changed from Unreviewed to Ready for checkin.
  • severity changed from normal to critical.
  • milestone set to misspiggy.

12/06/07 22:52:19 changed by luke

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in [5886d37af0429728db42faf7e950d971145a643b].