Jira (PUP-11522) Allow Puppet::HTTP::Client to connect to a server requiring client cert authentication and whose server cert is issued by a CA in the 'ssl_trust_store'


Josh Cooper (Jira)

Apr 28, 2022, 7:15:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Puppet / Bug PUP-11522
Allow Puppet::HTTP::Client to connect to a server requiring client cert authentication and whose server cert is issued by a CA in the 'ssl_trust_store'
Change By: Josh Cooper
Summary: Allow Puppet::HTTP::Client to connect to a server the puppet certificate for requiring client cert authentication and whose server cert is issued by a CA in the 'ssl_trust_store'

Jarret Lavallee (Jira)

May 5, 2022, 9:35:01 AM
to puppe...@googlegroups.com
Jarret Lavallee commented on Bug PUP-11522
 
Re: Allow Puppet::HTTP::Client to connect to a server requiring client cert authentication and whose server cert is issued by a CA in the 'ssl_trust_store'

josh Thanks for the information and getting a PR up for this. The clarification on the difference of the system context filled some gaps for me.

Tony Vu (Jira)

May 11, 2022, 11:10:02 AM
to puppe...@googlegroups.com

Josh Cooper (Jira)

May 16, 2022, 11:04:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Acceptance Criteria: create_context and load_context methods should behave like create_system_context wrt the include_system_store parameter and ssl_trust_store config path setting

When using the http client in puppet it should be possible to connect to a https server that requires client certs and whose server cert is issued by a third party CA. Eg. should be possible to call "post(url, options: { include_system_store: true })" and connect to server described above

Josh Cooper (Jira)

May 18, 2022, 6:22:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Acceptance Criteria: When using the http client in puppet it should be possible to connect to a https server that requires client certs and whose server cert is issued by a third party CA. Eg. should be possible to call "post(url, options: {include_system_store: true})" and connect to server described above

Josh Cooper (Jira)

May 18, 2022, 6:25:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes: Bug Fix
Release Notes Summary: Puppet's http client can now establish a mutually authenticated TLS connection when passing "include_system_store: true" such as when retrieving file content from HTTPS servers. Previously puppet did not add its client certificate to the SSL context, so the connection would fail if the HTTPS server *required* a client certificate.
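
The failure mode in the release note above, reproduced with Ruby's OpenSSL bindings alone. This is an added example, not Puppet's code or its `Puppet::HTTP::Client` API: the helpers `issue`, `client_context`, `handshake_ok?` and `demo`, and all certificates and host names, are constructed for illustration. The server's certificate comes from a third-party CA listed in a trust-store file, and the server requires a client certificate from a separate CA.

```ruby
require 'openssl'
require 'socket'
require 'tempfile'

def issue(cn, key, issuer = nil, issuer_key = key) # constructed PKI; no issuer => self-signed CA
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial, cert.public_key = 2, rand(1..2**31), key.public_key
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = (issuer || cert).subject
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.add_extension(OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Trust: the ssl_trust_store file, plus the system store on request. Identity: client cert and key.
def client_context(trust_store, include_system_store:, cert: nil, key: nil)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = OpenSSL::X509::Store.new.add_file(trust_store)
  ctx.cert_store.set_default_paths if include_system_store
  ctx.verify_mode, ctx.cert, ctx.key = OpenSSL::SSL::VERIFY_PEER, cert, key
  ctx
end

def handshake_ok?(client_ctx, server_ctx) # one handshake over an in-process socket pair
  server_io, client_io = UNIXSocket.pair
  server = Thread.new do
    OpenSSL::SSL::SSLSocket.new(server_io, server_ctx).tap(&:accept).write('ok')
  rescue StandardError # handshake rejected, e.g. no client certificate was presented
  ensure
    server_io.close
  end
  OpenSSL::SSL::SSLSocket.new(client_io, client_ctx).tap(&:connect).read(2) == 'ok'
rescue StandardError
  false
ensure
  client_io&.close
  server&.join
end

def demo
  ca_key, third_key, srv_key, agent_key = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  puppet_ca, third_ca = issue('constructed-puppet-ca', ca_key), issue('constructed-third-party-ca', third_key)
  trust = Tempfile.new('ssl_trust_store').tap { |f| f.write(third_ca.to_pem); f.flush }
  server = OpenSSL::SSL::SSLContext.new # demands a client cert issued by the constructed Puppet CA
  server.cert, server.key = issue('files.example.test', srv_key, third_ca, third_key), srv_key
  server.cert_store = OpenSSL::X509::Store.new.add_cert(puppet_ca)
  server.verify_mode = OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT
  identity = { cert: issue('agent.example.test', agent_key, puppet_ca, ca_key), key: agent_key }
  [{}, identity].map { |id| handshake_ok?(client_context(trust.path, include_system_store: true, **id), server) }
end
```

`demo` returns `[false, true]`: both contexts trust the server identically, and only the one that also carries the client certificate and key gets through the handshake.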

Parker Leach (Jira)

May 23, 2022, 12:25:02 PM
to puppe...@googlegroups.com