Jira (PUP-9481) Setting certname in multiple sections bypasses validation

0 views
Skip to first unread message

Dylan Ratcliffe (JIRA)

unread,
Feb 8, 2019, 4:44:03 AM2/8/19
to puppe...@googlegroups.com
Dylan Ratcliffe updated an issue
 
Puppet / Bug PUP-9481
Setting certname in multiple sections bypasses validation
Change By: Dylan Ratcliffe
CS Priority: Needs Priority
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Dylan Ratcliffe (JIRA)

unread,
Feb 8, 2019, 4:44:03 AM2/8/19
to puppe...@googlegroups.com
Dylan Ratcliffe created an issue
Issue Type: Bug Bug
Affects Versions: PUP 6.0.5
Assignee: Unassigned
Created: 2019/02/08 1:43 AM
Priority: Normal Normal
Reporter: Dylan Ratcliffe

Puppet Version: 6.0.5
Puppet Server Version: N/A
OS Name/Version: Windows Server 2012, CentOS 7

When a config file is created with the certname setting on both the agent and main sections as follows:

[main]
 
certname = my-windows-server.puppet.com
 
[agent]
 
certname = MY-WINDOWS-SERVER.puppet.com

Puppet's validation that certnames must be lowercase if bypassed and allows for very broken certs to be generated

Desired Behavior: Cert generation fails with "Error: Could not initialize global default settings: Certificate names must be lower case"

Actual Behavior: Certs are generated with uppercase names

 

Rob Braden (JIRA)

unread,
Feb 8, 2019, 4:27:03 PM2/8/19
to puppe...@googlegroups.com
Rob Braden updated an issue
Change By: Rob Braden
Sprint: Coremunity Grooming

Rob Braden (JIRA)

unread,
Feb 8, 2019, 4:27:04 PM2/8/19
to puppe...@googlegroups.com
Rob Braden updated an issue
Change By: Rob Braden
Team: Coremunity

Adam Bottchen (JIRA)

unread,
Feb 21, 2019, 7:19:03 PM2/21/19
to puppe...@googlegroups.com
Adam Bottchen updated an issue
Change By: Adam Bottchen
CS Priority: Needs Priority Reviewed

Josh Cooper (JIRA)

unread,
Sep 17, 2019, 11:28:05 PM9/17/19
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Coremunity Grooming

Rob Braden (JIRA)

unread,
Oct 14, 2019, 4:11:03 PM10/14/19
to puppe...@googlegroups.com
Rob Braden updated an issue
Change By: Rob Braden
Sprint: Coremunity Grooming

Josh Cooper (Jira)

unread,
Aug 18, 2020, 1:35:03 AM8/18/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Coremunity Grooming
This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
Atlassian logo

Josh Cooper (Jira)

unread,
Oct 15, 2020, 8:15:02 PM10/15/20
to puppe...@googlegroups.com
Josh Cooper assigned an issue to Josh Cooper
Change By: Josh Cooper
Assignee: Josh Cooper

Josh Cooper (Jira)

unread,
Oct 15, 2020, 8:15:03 PM10/15/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Platform Core KANBAN

Josh Cooper (Jira)

unread,
Oct 19, 2020, 3:13:02 PM10/19/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 6.20.0

Josh Cooper (Jira)

unread,
Oct 20, 2020, 2:29:02 PM10/20/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes: Bug Fix
Release Notes Summary: Previously puppet only validated the "certname" setting in the "main" setting, but not in other settings such as "agent". As a result, it was possible to set the "certname" setting to a value containing uppercase letters, which prevented the agent from obtaining a certificate. Puppet now validates settings with hooks.

Josh Cooper (Jira)

unread,
Oct 20, 2020, 2:30:03 PM10/20/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes Summary: Previously puppet only validated the "certname" setting in the "main" setting, but not in other settings such as "agent". As a result, it was possible to set the "certname" setting to a value containing uppercase letters, which prevented the agent from obtaining a certificate. Puppet now validates settings with hooks the certname setting regardless of which setting it is in .

Josh Cooper (Jira)

unread,
Oct 27, 2020, 12:27:03 PM10/27/20
to puppe...@googlegroups.com

Josh Cooper (Jira)

unread,
Oct 27, 2020, 7:28:03 PM10/27/20
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-9481

Passed CI in 06b7b17319

Josh Cooper (Jira)

unread,
Oct 27, 2020, 7:30:03 PM10/27/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 7.0.0

Josh Cooper (Jira)

unread,
Oct 27, 2020, 7:30:03 PM10/27/20
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes Summary: Previously puppet only validated the "certname" setting if the was specified in the "main" setting, but not if the value was in other settings a non-global setting such as "agent". As a result, it was possible to set the "certname" setting to a value containing uppercase letters, which prevented the agent from obtaining a certificate the next time it ran . Puppet now validates the certname setting regardless of which setting it the value is specified in.

Claire Cadman (Jira)

unread,
Nov 10, 2020, 5:02:03 AM11/10/20
to puppe...@googlegroups.com
Claire Cadman updated an issue
Change By: Claire Cadman
Labels: doc_reviewed
Reply all
Reply to author
Forward
0 new messages