C:\Users\Administrator\puppet>git rev-parse HEAD |
178ff2e2e0508edd90b577b0d79cbe55f172da1c |
|
C:\Users\Administrator\puppet>bundle exec rspec spec |
... |
1) apply http report processor rejects an HTTPS report server whose root cert is not the puppet CA |
Failure/Error: |
expect { |
apply.command_line.args = ['-e', 'notify { "hi": }'] |
apply.run |
}.to exit_with(0) |
.and output(/Applied catalog/).to_stdout |
.and output(/Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/).to_stderr |
|
expected block to output /Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/ to stderr, but output "\e[1;31mError: Report processor failed: certificate verify failed [self-signed certificate in certificate chain for CN=Unknown CA]\e[0m\n" |
# ./spec/integration/application/apply_spec.rb:627:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/application/apply_spec.rb:622:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
2) Puppet::HTTP::Client when verifying an HTTPS server raises if the server's CA is unknown |
Failure/Error: |
expect { |
client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: alt_context}) |
}.to raise_error(Puppet::SSL::CertVerifyError, |
%r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.}) |
|
expected Puppet::SSL::CertVerifyError with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: |
# ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' |
# ./lib/puppet/http/pool.rb:66:in `rescue in start' |
# ./lib/puppet/http/pool.rb:62:in `start' |
# ./lib/puppet/http/pool.rb:107:in `borrow' |
# ./lib/puppet/http/pool.rb:22:in `with_connection' |
# ./lib/puppet/http/client.rb:149:in `connect' |
# ./lib/puppet/http/client.rb:366:in `execute_streaming' |
# ./lib/puppet/http/client.rb:203:in `get' |
# ./spec/integration/http/client_spec.rb:54:in `block (5 levels) in <top (required)>' |
# ./spec/integration/http/client_spec.rb:53:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/http/client_spec.rb:52:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/integration/http/client_spec.rb:53:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/http/client_spec.rb:52:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
3) Puppet::HTTP::Client with a system trust store raises if the server's CA is not in the context or system store |
Failure/Error: |
expect { |
client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context}) |
}.to raise_error(Puppet::SSL::CertVerifyError, |
%r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.}) |
|
expected Puppet::SSL::CertVerifyError with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: |
# ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' |
# ./lib/puppet/http/pool.rb:66:in `rescue in start' |
# ./lib/puppet/http/pool.rb:62:in `start' |
# ./lib/puppet/http/pool.rb:107:in `borrow' |
# ./lib/puppet/http/pool.rb:22:in `with_connection' |
# ./lib/puppet/http/client.rb:149:in `connect' |
# ./lib/puppet/http/client.rb:366:in `execute_streaming' |
# ./lib/puppet/http/client.rb:203:in `get' |
# ./spec/integration/http/client_spec.rb:171:in `block (5 levels) in <top (required)>' |
# ./spec/integration/http/client_spec.rb:170:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/http/client_spec.rb:169:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/integration/http/client_spec.rb:170:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/http/client_spec.rb:169:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
4) Puppet::Network::HttpPool when calling deprecated HttpPool methods when using persistent HTTPS connections raises if the server's CA is unknown |
Failure/Error: |
expect { |
http.get('/') |
}.to raise_error(Puppet::Error, |
%r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.}) |
|
expected Puppet::Error with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: |
# ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' |
# ./lib/puppet/http/pool.rb:66:in `rescue in start' |
# ./lib/puppet/http/pool.rb:62:in `start' |
# ./lib/puppet/http/pool.rb:107:in `borrow' |
# ./lib/puppet/http/pool.rb:22:in `with_connection' |
# ./lib/puppet/http/client.rb:149:in `connect' |
# ./lib/puppet/http/client.rb:366:in `execute_streaming' |
# ./lib/puppet/http/client.rb:203:in `get' |
# ./lib/puppet/network/http/connection.rb:102:in `block in get' |
# ./lib/puppet/network/http/connection.rb:274:in `with_error_handling' |
# ./lib/puppet/network/http/connection.rb:101:in `get' |
# ./spec/integration/network/http_pool_spec.rb:78:in `block (6 levels) in <top (required)>' |
# ./spec/integration/network/http_pool_spec.rb:77:in `block (5 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/network/http_pool_spec.rb:75:in `block (4 levels) in <top (required)>' |
# ./spec/integration/network/http_pool_spec.rb:97:in `block (4 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
Shared Example Group: "HTTPS client" called from ./spec/integration/network/http_pool_spec.rb:103 |
# ./spec/integration/network/http_pool_spec.rb:77:in `block (5 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/network/http_pool_spec.rb:75:in `block (4 levels) in <top (required)>' |
# ./spec/integration/network/http_pool_spec.rb:97:in `block (4 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
5) Puppet::Network::HttpPool when calling HttpPool.connection method raises if the server's CA is unknown |
Failure/Error: |
expect { |
http.get('/') |
}.to raise_error(Puppet::Error, |
%r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.}) |
|
expected Puppet::Error with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: |
# ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' |
# ./lib/puppet/http/pool.rb:66:in `rescue in start' |
# ./lib/puppet/http/pool.rb:62:in `start' |
# ./lib/puppet/http/pool.rb:107:in `borrow' |
# ./lib/puppet/http/pool.rb:22:in `with_connection' |
# ./lib/puppet/http/client.rb:149:in `connect' |
# ./lib/puppet/http/client.rb:366:in `execute_streaming' |
# ./lib/puppet/http/client.rb:203:in `get' |
# ./lib/puppet/network/http/connection.rb:102:in `block in get' |
# ./lib/puppet/network/http/connection.rb:274:in `with_error_handling' |
# ./lib/puppet/network/http/connection.rb:101:in `get' |
# ./spec/integration/network/http_pool_spec.rb:220:in `block (5 levels) in <top (required)>' |
# ./spec/integration/network/http_pool_spec.rb:219:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/network/http_pool_spec.rb:215:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/integration/network/http_pool_spec.rb:219:in `block (4 levels) in <top (required)>' |
# ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' |
# ./spec/lib/puppet_spec/https.rb:41:in `pipe' |
# ./spec/lib/puppet_spec/https.rb:41:in `start_server' |
# ./spec/integration/network/http_pool_spec.rb:215:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
6) Puppet::Application::Ssl when submitting a CSR generates an EC private key |
Failure/Error: raise Puppet::Error.new(_("Failed to submit certificate request: %{message}") % { message: e.message }, e) |
|
Puppet::Error: |
Failed to submit certificate request: pkeys are immutable on OpenSSL 3.0 |
# ./lib/puppet/application/ssl.rb:187:in `rescue in submit_request' |
# ./lib/puppet/application/ssl.rb:162:in `submit_request' |
# ./lib/puppet/application/ssl.rb:127:in `main' |
# ./lib/puppet/application.rb:437:in `run_command' |
# ./spec/unit/application/ssl_spec.rb:40:in `block in expects_command_to_pass' |
# ./spec/unit/application/ssl_spec.rb:39:in `expects_command_to_pass' |
# ./spec/unit/application/ssl_spec.rb:119:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ------------------ |
# --- Caused by: --- |
# OpenSSL::PKey::PKeyError: |
# pkeys are immutable on OpenSSL 3.0 |
# ./lib/puppet/ssl/certificate_request.rb:73:in `public_key=' |
|
7) Puppet::Type::Package::ProviderGem installing myresource when installing on windows removes puppet/bin from PATH |
Failure/Error: execute(cmd, {:failonfail => true, :combine => true, :custom_environment => custom_environment}) |
|
#<Puppet::Type::Package::ProviderGem (class)> received :execute with unexpected arguments |
expected: (anything, hash_including(:custom_environment=>"hash_including(:PATH=>\"C:\\\\Program Files\\\\Puppet Labs\\\\Puppet\\\\bin;C:\\\\Ruby26-x64\\\\bin;C:\\\\Windows\\\\system32\\\\bin\")")) |
got: (["/provider/gem", ["install", "--no-rdoc", "--no-ri", "myresource"]], {:combine=>true, :custom_environment=>{"HOME"=>nil, :PATH=>"C:/Ruby32-x64/lib/ruby/gems/3.2.0/bin;C:\...ocolatey\\bin;C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\WindowsApps"}, :failonfail=>true}) |
Diff: |
@@ -1,3 +1,8 @@ |
-["anything", |
- "hash_including(:custom_environment=>\"hash_including(:PATH=>\\\"C:\\\\\\\\Program Files\\\\\\\\Puppet Labs\\\\\\\\Puppet\\\\\\\\bin;C:\\\\\\\\Ruby26-x64\\\\\\\\bin;C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\bin\\\")\")"] |
+[["/provider/gem", ["install", "--no-rdoc", "--no-ri", "myresource"]], |
+ {:combine=>true, |
+ :custom_environment=> |
+ {"HOME"=>nil, |
+ :PATH=> |
+ "C:/Ruby32-x64/lib/ruby/gems/3.2.0/bin;C:\\Ruby32-x64\\bin;C:\\Ruby32-x64\\msys64\\ucrt64\\bin;C:\\Ruby32-x64\\msys64\\usr\\bin;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\Packer\\SysInternals;C:\\Program Files\\Git\\cmd;C:\\Program Files\\PowerShell\\7\\;C:\\ProgramData\\chocolatey\\bin;C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\WindowsApps"}, |
+ :failonfail=>true}] |
|
# ./lib/puppet/provider/package/gem.rb:82:in `execute_gem_command' |
# ./lib/puppet/provider/package/gem.rb:251:in `install' |
# ./spec/unit/provider/package/gem_spec.rb:67:in `block (5 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
8) Puppet::SSL::CertificateRequest when generating should use SHA1 to sign the csr when SHA256 isn't available |
Failure/Error: content.sign(key, @digest.new) |
|
OpenSSL::X509::RequestError: |
internal error |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./spec/unit/ssl/certificate_request_spec.rb:319:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
9) Puppet::SSL::CertificateRequest when generating should use SHA512 to sign the csr when SHA256 and SHA1 aren't available |
Failure/Error: content.sign(key, @digest.new) |
|
OpenSSL::X509::RequestError: |
internal error |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./spec/unit/ssl/certificate_request_spec.rb:330:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
10) Puppet::SSL::CertificateRequest when generating should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available |
Failure/Error: content.sign(key, @digest.new) |
|
OpenSSL::X509::RequestError: |
internal error |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./spec/unit/ssl/certificate_request_spec.rb:342:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
11) Puppet::SSL::CertificateRequest when generating should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available |
Failure/Error: content.sign(key, @digest.new) |
|
OpenSSL::X509::RequestError: |
internal error |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' |
# ./spec/unit/ssl/certificate_request_spec.rb:354:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
12) Puppet::SSL::CertificateRequest when generating with custom CSR attributes raises an error if an attribute cannot be created |
Failure/Error: |
expect do |
request.generate(key, :csr_attributes => csr_attributes) |
end.to raise_error Puppet::Error, /Cannot create CSR with attribute thats\.no\.moon: first num too large/ |
|
expected Puppet::Error with message matching /Cannot create CSR with attribute thats\.no\.moon: first num too large/, got #<Puppet::Error: Cannot create CSR with attribute thats.no.moon: unknown object name> with backtrace: |
# ./lib/puppet/ssl/certificate_request.rb:224:in `oid=' |
# ./lib/puppet/ssl/certificate_request.rb:224:in `initialize' |
# ./lib/puppet/ssl/certificate_request.rb:224:in `new' |
# ./lib/puppet/ssl/certificate_request.rb:224:in `block in add_csr_attributes' |
# ./lib/puppet/ssl/certificate_request.rb:215:in `each' |
# ./lib/puppet/ssl/certificate_request.rb:215:in `add_csr_attributes' |
# ./lib/puppet/ssl/certificate_request.rb:80:in `generate' |
# ./spec/unit/ssl/certificate_request_spec.rb:200:in `block (5 levels) in <top (required)>' |
# ./spec/unit/ssl/certificate_request_spec.rb:199:in `block (4 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/unit/ssl/certificate_request_spec.rb:199:in `block (4 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
13) Puppet::SSL::CertificateRequest when generating with extension requests raises an error if the OID could not be created |
Failure/Error: |
expect do |
request.generate(key, :extension_requests => exts) |
end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/ |
|
expected Puppet::Error with message matching /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/, got #<Puppet::Error: Cannot create CSR with extension request thats.no.moon: OBJ_txt2obj: unknown object name> with backtrace: |
# ./lib/puppet/ssl/certificate_request.rb:247:in `oid=' |
# ./lib/puppet/ssl/certificate_request.rb:247:in `initialize' |
# ./lib/puppet/ssl/certificate_request.rb:247:in `new' |
# ./lib/puppet/ssl/certificate_request.rb:247:in `block in extension_request_attribute' |
# ./lib/puppet/ssl/certificate_request.rb:241:in `each_pair' |
# ./lib/puppet/ssl/certificate_request.rb:241:in `extension_request_attribute' |
# ./lib/puppet/ssl/certificate_request.rb:83:in `generate' |
# ./spec/unit/ssl/certificate_request_spec.rb:273:in `block (5 levels) in <top (required)>' |
# ./spec/unit/ssl/certificate_request_spec.rb:272:in `block (4 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/unit/ssl/certificate_request_spec.rb:272:in `block (4 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
14) Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if root CA's isCA basic constraint is false |
Failure/Error: |
expect { |
subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false)) |
}.to raise_error(Puppet::SSL::CertVerifyError, |
"Certificate 'CN=Test CA' failed verification (24): invalid CA certificate") |
|
expected Puppet::SSL::CertVerifyError with "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate", got #<Puppet::SSL::CertVerifyError: Certificate 'CN=Test CA' failed verification (79): invalid CA certificate> with backtrace: |
# ./lib/puppet/ssl/ssl_provider.rb:348:in `raise_cert_verify_error' |
# ./lib/puppet/ssl/ssl_provider.rb:311:in `verify_cert_with_store' |
# ./lib/puppet/ssl/ssl_provider.rb:280:in `resolve_client_chain' |
# ./lib/puppet/ssl/ssl_provider.rb:153:in `create_context' |
# ./spec/unit/ssl/ssl_provider_spec.rb:463:in `block (4 levels) in <top (required)>' |
# ./spec/unit/ssl/ssl_provider_spec.rb:462:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/unit/ssl/ssl_provider_spec.rb:462:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
15) Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if intermediate CA's isCA basic constraint is false |
Failure/Error: |
expect { |
subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false)) |
}.to raise_error(Puppet::SSL::CertVerifyError, |
"Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate") |
|
expected Puppet::SSL::CertVerifyError with "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate", got #<Puppet::SSL::CertVerifyError: Certificate 'CN=Test CA Subauthority' failed verification (79): invalid CA certificate> with backtrace: |
# ./lib/puppet/ssl/ssl_provider.rb:348:in `raise_cert_verify_error' |
# ./lib/puppet/ssl/ssl_provider.rb:311:in `verify_cert_with_store' |
# ./lib/puppet/ssl/ssl_provider.rb:280:in `resolve_client_chain' |
# ./lib/puppet/ssl/ssl_provider.rb:153:in `create_context' |
# ./spec/unit/ssl/ssl_provider_spec.rb:473:in `block (4 levels) in <top (required)>' |
# ./spec/unit/ssl/ssl_provider_spec.rb:472:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/unit/ssl/ssl_provider_spec.rb:472:in `block (3 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
16) Puppet::X509::CertProvider when loading private keys using RSA raises without a password |
Failure/Error: |
expect { |
provider.load_private_key('encrypted-key') |
}.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/) |
|
expected OpenSSL::PKey::PKeyError with message matching /Could not parse PKey: no start line/, got #<OpenSSL::PKey::PKeyError: Could not parse PKey: bad decrypt> with backtrace: |
# ./lib/puppet/x509/cert_provider.rb:211:in `read' |
# ./lib/puppet/x509/cert_provider.rb:211:in `load_private_key_from_pem' |
# ./lib/puppet/x509/cert_provider.rb:192:in `load_private_key' |
# ./spec/unit/x509/cert_provider_spec.rb:282:in `block (6 levels) in <top (required)>' |
# ./spec/unit/x509/cert_provider_spec.rb:281:in `block (5 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/unit/x509/cert_provider_spec.rb:281:in `block (5 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
17) Puppet::X509::CertProvider when loading private keys using EC raises without a password |
Failure/Error: |
expect { |
provider.load_private_key('encrypted-ec-key') |
}.to raise_error(OpenSSL::PKey::PKeyError, /(unknown|invalid) curve name|Could not parse PKey: no start line/) |
|
expected OpenSSL::PKey::PKeyError with message matching /(unknown|invalid) curve name|Could not parse PKey: no start line/, got #<OpenSSL::PKey::PKeyError: Could not parse PKey: bad decrypt> with backtrace: |
# ./lib/puppet/x509/cert_provider.rb:211:in `read' |
# ./lib/puppet/x509/cert_provider.rb:211:in `load_private_key_from_pem' |
# ./lib/puppet/x509/cert_provider.rb:192:in `load_private_key' |
# ./spec/unit/x509/cert_provider_spec.rb:317:in `block (6 levels) in <top (required)>' |
# ./spec/unit/x509/cert_provider_spec.rb:316:in `block (5 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
# ./spec/unit/x509/cert_provider_spec.rb:316:in `block (5 levels) in <top (required)>' |
# ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' |
|
Finished in 39 minutes 8 seconds (files took 1 minute 18.98 seconds to load) |
25119 examples, 17 failures, 66 pending |
|
Failed examples: |
|
rspec ./spec/integration/application/apply_spec.rb:621 # apply http report processor rejects an HTTPS report server whose root cert is not the puppet CA |
rspec ./spec/integration/http/client_spec.rb:48 # Puppet::HTTP::Client when verifying an HTTPS server raises if the server's CA is unknown |
rspec ./spec/integration/http/client_spec.rb:166 # Puppet::HTTP::Client with a system trust store raises if the server's CA is not in the context or system store |
rspec ./spec/integration/network/http_pool_spec.rb:66 # Puppet::Network::HttpPool when calling deprecated HttpPool methods when using persistent HTTPS connections raises if the server's CA is unknown |
rspec ./spec/integration/network/http_pool_spec.rb:214 # Puppet::Network::HttpPool when calling HttpPool.connection method raises if the server's CA is unknown |
rspec ./spec/unit/application/ssl_spec.rb:112 # Puppet::Application::Ssl when submitting a CSR generates an EC private key |
rspec ./spec/unit/provider/package/gem_spec.rb:60 # Puppet::Type::Package::ProviderGem installing myresource when installing on windows removes puppet/bin from PATH |
rspec ./spec/unit/ssl/certificate_request_spec.rb:314 # Puppet::SSL::CertificateRequest when generating should use SHA1 to sign the csr when SHA256 isn't available |
rspec ./spec/unit/ssl/certificate_request_spec.rb:323 # Puppet::SSL::CertificateRequest when generating should use SHA512 to sign the csr when SHA256 and SHA1 aren't available |
rspec ./spec/unit/ssl/certificate_request_spec.rb:334 # Puppet::SSL::CertificateRequest when generating should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available |
rspec ./spec/unit/ssl/certificate_request_spec.rb:346 # Puppet::SSL::CertificateRequest when generating should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available |
rspec ./spec/unit/ssl/certificate_request_spec.rb:196 # Puppet::SSL::CertificateRequest when generating with custom CSR attributes raises an error if an attribute cannot be created |
rspec ./spec/unit/ssl/certificate_request_spec.rb:270 # Puppet::SSL::CertificateRequest when generating with extension requests raises an error if the OID could not be created |
rspec ./spec/unit/ssl/ssl_provider_spec.rb:459 # Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if root CA's isCA basic constraint is false |
rspec ./spec/unit/ssl/ssl_provider_spec.rb:469 # Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if intermediate CA's isCA basic constraint is false |
rspec ./spec/unit/x509/cert_provider_spec.rb:279 # Puppet::X509::CertProvider when loading private keys using RSA raises without a password |
rspec ./spec/unit/x509/cert_provider_spec.rb:314 # Puppet::X509::CertProvider when loading private keys using EC raises without a password
|
