Currently getting these test failures on puppet#main with Ruby 3.2.0/OpenSSL3.0 on Windows. Note the setup-ruby github action will automatically install OpenSSL3 when using Ruby 3.2, see https://github.com/ruby/setup-ruby/blob/319066216501fbd5e2d568f14b7d68c19fb67a5d/windows.js#L107-L111 For this ticket, resolve these failures and add ruby 3.2 to the GH action for Windows, similar to what was done in https://github.com/puppetlabs/facter/commit/335d8757bf4bad08d1194a595108382b1a39bd91
{noformat} C:\Users\Administrator\puppet>git rev-parse HEAD 178ff2e2e0508edd90b577b0d79cbe55f172da1c
C:\Users\Administrator\puppet>bundle exec rspec spec ... 1) apply http report processor rejects an HTTPS report server whose root cert is not the puppet CA Failure/Error: expect { apply.command_line.args = ['-e', 'notify { "hi": }'] apply.run }.to exit_with(0) .and output(/Applied catalog/).to_stdout .and output(/Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/).to_stderr
expected block to output /Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/ to stderr, but output "\e[1;31mError: Report processor failed: certificate verify failed [self-signed certificate in certificate chain for CN=Unknown CA]\e[0m\n" # ./spec/integration/application/apply_spec.rb:627:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/application/apply_spec.rb:622:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
2) Puppet::HTTP::Client when verifying an HTTPS server raises if the server's CA is unknown Failure/Error: expect { client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: alt_context}) }.to raise_error(Puppet::SSL::CertVerifyError, %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
expected Puppet::SSL::CertVerifyError with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' # ./lib/puppet/http/pool.rb:66:in `rescue in start' # ./lib/puppet/http/pool.rb:62:in `start' # ./lib/puppet/http/pool.rb:107:in `borrow' # ./lib/puppet/http/pool.rb:22:in `with_connection' # ./lib/puppet/http/client.rb:149:in `connect' # ./lib/puppet/http/client.rb:366:in `execute_streaming' # ./lib/puppet/http/client.rb:203:in `get' # ./spec/integration/http/client_spec.rb:54:in `block (5 levels) in <top (required)>' # ./spec/integration/http/client_spec.rb:53:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/http/client_spec.rb:52:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/integration/http/client_spec.rb:53:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/http/client_spec.rb:52:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
3) Puppet::HTTP::Client with a system trust store raises if the server's CA is not in the context or system store Failure/Error: expect { client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context}) }.to raise_error(Puppet::SSL::CertVerifyError, %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
expected Puppet::SSL::CertVerifyError with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' # ./lib/puppet/http/pool.rb:66:in `rescue in start' # ./lib/puppet/http/pool.rb:62:in `start' # ./lib/puppet/http/pool.rb:107:in `borrow' # ./lib/puppet/http/pool.rb:22:in `with_connection' # ./lib/puppet/http/client.rb:149:in `connect' # ./lib/puppet/http/client.rb:366:in `execute_streaming' # ./lib/puppet/http/client.rb:203:in `get' # ./spec/integration/http/client_spec.rb:171:in `block (5 levels) in <top (required)>' # ./spec/integration/http/client_spec.rb:170:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/http/client_spec.rb:169:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/integration/http/client_spec.rb:170:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/http/client_spec.rb:169:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
4) Puppet::Network::HttpPool when calling deprecated HttpPool methods when using persistent HTTPS connections raises if the server's CA is unknown Failure/Error: expect { http.get('/') }.to raise_error(Puppet::Error, %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
expected Puppet::Error with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' # ./lib/puppet/http/pool.rb:66:in `rescue in start' # ./lib/puppet/http/pool.rb:62:in `start' # ./lib/puppet/http/pool.rb:107:in `borrow' # ./lib/puppet/http/pool.rb:22:in `with_connection' # ./lib/puppet/http/client.rb:149:in `connect' # ./lib/puppet/http/client.rb:366:in `execute_streaming' # ./lib/puppet/http/client.rb:203:in `get' # ./lib/puppet/network/http/connection.rb:102:in `block in get' # ./lib/puppet/network/http/connection.rb:274:in `with_error_handling' # ./lib/puppet/network/http/connection.rb:101:in `get' # ./spec/integration/network/http_pool_spec.rb:78:in `block (6 levels) in <top (required)>' # ./spec/integration/network/http_pool_spec.rb:77:in `block (5 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/network/http_pool_spec.rb:75:in `block (4 levels) in <top (required)>' # ./spec/integration/network/http_pool_spec.rb:97:in `block (4 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' Shared Example Group: "HTTPS client" called from ./spec/integration/network/http_pool_spec.rb:103 # ./spec/integration/network/http_pool_spec.rb:77:in `block (5 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/network/http_pool_spec.rb:75:in `block (4 levels) in <top (required)>' # ./spec/integration/network/http_pool_spec.rb:97:in `block (4 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
5) Puppet::Network::HttpPool when calling HttpPool.connection method raises if the server's CA is unknown Failure/Error: expect { http.get('/') }.to raise_error(Puppet::Error, %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})
expected Puppet::Error with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace: # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error' # ./lib/puppet/http/pool.rb:66:in `rescue in start' # ./lib/puppet/http/pool.rb:62:in `start' # ./lib/puppet/http/pool.rb:107:in `borrow' # ./lib/puppet/http/pool.rb:22:in `with_connection' # ./lib/puppet/http/client.rb:149:in `connect' # ./lib/puppet/http/client.rb:366:in `execute_streaming' # ./lib/puppet/http/client.rb:203:in `get' # ./lib/puppet/network/http/connection.rb:102:in `block in get' # ./lib/puppet/network/http/connection.rb:274:in `with_error_handling' # ./lib/puppet/network/http/connection.rb:101:in `get' # ./spec/integration/network/http_pool_spec.rb:220:in `block (5 levels) in <top (required)>' # ./spec/integration/network/http_pool_spec.rb:219:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/network/http_pool_spec.rb:215:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/integration/network/http_pool_spec.rb:219:in `block (4 levels) in <top (required)>' # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server' # ./spec/lib/puppet_spec/https.rb:41:in `pipe' # ./spec/lib/puppet_spec/https.rb:41:in `start_server' # ./spec/integration/network/http_pool_spec.rb:215:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
6) Puppet::Application::Ssl when submitting a CSR generates an EC private key Failure/Error: raise Puppet::Error.new(_("Failed to submit certificate request: %{message}") % { message: e.message }, e)
Puppet::Error: Failed to submit certificate request: pkeys are immutable on OpenSSL 3.0 # ./lib/puppet/application/ssl.rb:187:in `rescue in submit_request' # ./lib/puppet/application/ssl.rb:162:in `submit_request' # ./lib/puppet/application/ssl.rb:127:in `main' # ./lib/puppet/application.rb:437:in `run_command' # ./spec/unit/application/ssl_spec.rb:40:in `block in expects_command_to_pass' # ./spec/unit/application/ssl_spec.rb:39:in `expects_command_to_pass' # ./spec/unit/application/ssl_spec.rb:119:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ------------------ # --- Caused by: --- # OpenSSL::PKey::PKeyError: # pkeys are immutable on OpenSSL 3.0 # ./lib/puppet/ssl/certificate_request.rb:73:in `public_key='
7) Puppet::Type::Package::ProviderGem installing myresource when installing on windows removes puppet/bin from PATH Failure/Error: execute(cmd, {:failonfail => true, :combine => true, :custom_environment => custom_environment})
#<Puppet::Type::Package::ProviderGem (class)> received :execute with unexpected arguments expected: (anything, hash_including(:custom_environment=>"hash_including(:PATH=>\"C:\\\\Program Files\\\\Puppet Labs\\\\Puppet\\\\bin;C:\\\\Ruby26-x64\\\\bin;C:\\\\Windows\\\\system32\\\\bin\")")) got: (["/provider/gem", ["install", "--no-rdoc", "--no-ri", "myresource"]], {:combine=>true, :custom_environment=>{"HOME"=>nil, :PATH=>"C:/Ruby32-x64/lib/ruby/gems/3.2.0/bin;C:\...ocolatey\\bin;C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\WindowsApps"}, :failonfail=>true}) Diff: @@ -1,3 +1,8 @@ -["anything", - "hash_including(:custom_environment=>\"hash_including(:PATH=>\\\"C:\\\\\\\\Program Files\\\\\\\\Puppet Labs\\\\\\\\Puppet\\\\\\\\bin;C:\\\\\\\\Ruby26-x64\\\\\\\\bin;C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\bin\\\")\")"] +[["/provider/gem", ["install", "--no-rdoc", "--no-ri", "myresource"]], + {:combine=>true, + :custom_environment=> + {"HOME"=>nil, + :PATH=> + "C:/Ruby32-x64/lib/ruby/gems/3.2.0/bin;C:\\Ruby32-x64\\bin;C:\\Ruby32-x64\\msys64\\ucrt64\\bin;C:\\Ruby32-x64\\msys64\\usr\\bin;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\Packer\\SysInternals;C:\\Program Files\\Git\\cmd;C:\\Program Files\\PowerShell\\7\\;C:\\ProgramData\\chocolatey\\bin;C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\WindowsApps"}, + :failonfail=>true}]
# ./lib/puppet/provider/package/gem.rb:82:in `execute_gem_command' # ./lib/puppet/provider/package/gem.rb:251:in `install' # ./spec/unit/provider/package/gem_spec.rb:67:in `block (5 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
8) Puppet::SSL::CertificateRequest when generating should use SHA1 to sign the csr when SHA256 isn't available Failure/Error: content.sign(key, @digest.new)
OpenSSL::X509::RequestError: internal error # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./spec/unit/ssl/certificate_request_spec.rb:319:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
9) Puppet::SSL::CertificateRequest when generating should use SHA512 to sign the csr when SHA256 and SHA1 aren't available Failure/Error: content.sign(key, @digest.new)
OpenSSL::X509::RequestError: internal error # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./spec/unit/ssl/certificate_request_spec.rb:330:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
10) Puppet::SSL::CertificateRequest when generating should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available Failure/Error: content.sign(key, @digest.new)
OpenSSL::X509::RequestError: internal error # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./spec/unit/ssl/certificate_request_spec.rb:342:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
11) Puppet::SSL::CertificateRequest when generating should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available Failure/Error: content.sign(key, @digest.new)
OpenSSL::X509::RequestError: internal error # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign' # ./spec/unit/ssl/certificate_request_spec.rb:354:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
12) Puppet::SSL::CertificateRequest when generating with custom CSR attributes raises an error if an attribute cannot be created Failure/Error: expect do request.generate(key, :csr_attributes => csr_attributes) end.to raise_error Puppet::Error, /Cannot create CSR with attribute thats\.no\.moon: first num too large/
expected Puppet::Error with message matching /Cannot create CSR with attribute thats\.no\.moon: first num too large/, got #<Puppet::Error: Cannot create CSR with attribute thats.no.moon: unknown object name> with backtrace: # ./lib/puppet/ssl/certificate_request.rb:224:in `oid=' # ./lib/puppet/ssl/certificate_request.rb:224:in `initialize' # ./lib/puppet/ssl/certificate_request.rb:224:in `new' # ./lib/puppet/ssl/certificate_request.rb:224:in `block in add_csr_attributes' # ./lib/puppet/ssl/certificate_request.rb:215:in `each' # ./lib/puppet/ssl/certificate_request.rb:215:in `add_csr_attributes' # ./lib/puppet/ssl/certificate_request.rb:80:in `generate' # ./spec/unit/ssl/certificate_request_spec.rb:200:in `block (5 levels) in <top (required)>' # ./spec/unit/ssl/certificate_request_spec.rb:199:in `block (4 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/unit/ssl/certificate_request_spec.rb:199:in `block (4 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
13) Puppet::SSL::CertificateRequest when generating with extension requests raises an error if the OID could not be created Failure/Error: expect do request.generate(key, :extension_requests => exts) end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/
expected Puppet::Error with message matching /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/, got #<Puppet::Error: Cannot create CSR with extension request thats.no.moon: OBJ_txt2obj: unknown object name> with backtrace: # ./lib/puppet/ssl/certificate_request.rb:247:in `oid=' # ./lib/puppet/ssl/certificate_request.rb:247:in `initialize' # ./lib/puppet/ssl/certificate_request.rb:247:in `new' # ./lib/puppet/ssl/certificate_request.rb:247:in `block in extension_request_attribute' # ./lib/puppet/ssl/certificate_request.rb:241:in `each_pair' # ./lib/puppet/ssl/certificate_request.rb:241:in `extension_request_attribute' # ./lib/puppet/ssl/certificate_request.rb:83:in `generate' # ./spec/unit/ssl/certificate_request_spec.rb:273:in `block (5 levels) in <top (required)>' # ./spec/unit/ssl/certificate_request_spec.rb:272:in `block (4 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/unit/ssl/certificate_request_spec.rb:272:in `block (4 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
14) Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if root CA's isCA basic constraint is false Failure/Error: expect { subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false)) }.to raise_error(Puppet::SSL::CertVerifyError, "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")
expected Puppet::SSL::CertVerifyError with "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate", got #<Puppet::SSL::CertVerifyError: Certificate 'CN=Test CA' failed verification (79): invalid CA certificate> with backtrace: # ./lib/puppet/ssl/ssl_provider.rb:348:in `raise_cert_verify_error' # ./lib/puppet/ssl/ssl_provider.rb:311:in `verify_cert_with_store' # ./lib/puppet/ssl/ssl_provider.rb:280:in `resolve_client_chain' # ./lib/puppet/ssl/ssl_provider.rb:153:in `create_context' # ./spec/unit/ssl/ssl_provider_spec.rb:463:in `block (4 levels) in <top (required)>' # ./spec/unit/ssl/ssl_provider_spec.rb:462:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/unit/ssl/ssl_provider_spec.rb:462:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
15) Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if intermediate CA's isCA basic constraint is false Failure/Error: expect { subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false)) }.to raise_error(Puppet::SSL::CertVerifyError, "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")
expected Puppet::SSL::CertVerifyError with "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate", got #<Puppet::SSL::CertVerifyError: Certificate 'CN=Test CA Subauthority' failed verification (79): invalid CA certificate> with backtrace: # ./lib/puppet/ssl/ssl_provider.rb:348:in `raise_cert_verify_error' # ./lib/puppet/ssl/ssl_provider.rb:311:in `verify_cert_with_store' # ./lib/puppet/ssl/ssl_provider.rb:280:in `resolve_client_chain' # ./lib/puppet/ssl/ssl_provider.rb:153:in `create_context' # ./spec/unit/ssl/ssl_provider_spec.rb:473:in `block (4 levels) in <top (required)>' # ./spec/unit/ssl/ssl_provider_spec.rb:472:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/unit/ssl/ssl_provider_spec.rb:472:in `block (3 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
16) Puppet::X509::CertProvider when loading private keys using RSA raises without a password Failure/Error: expect { provider.load_private_key('encrypted-key') }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/)
expected OpenSSL::PKey::PKeyError with message matching /Could not parse PKey: no start line/, got #<OpenSSL::PKey::PKeyError: Could not parse PKey: bad decrypt> with backtrace: # ./lib/puppet/x509/cert_provider.rb:211:in `read' # ./lib/puppet/x509/cert_provider.rb:211:in `load_private_key_from_pem' # ./lib/puppet/x509/cert_provider.rb:192:in `load_private_key' # ./spec/unit/x509/cert_provider_spec.rb:282:in `block (6 levels) in <top (required)>' # ./spec/unit/x509/cert_provider_spec.rb:281:in `block (5 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/unit/x509/cert_provider_spec.rb:281:in `block (5 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
17) Puppet::X509::CertProvider when loading private keys using EC raises without a password Failure/Error: expect { provider.load_private_key('encrypted-ec-key') }.to raise_error(OpenSSL::PKey::PKeyError, /(unknown|invalid) curve name|Could not parse PKey: no start line/)
expected OpenSSL::PKey::PKeyError with message matching /(unknown|invalid) curve name|Could not parse PKey: no start line/, got #<OpenSSL::PKey::PKeyError: Could not parse PKey: bad decrypt> with backtrace: # ./lib/puppet/x509/cert_provider.rb:211:in `read' # ./lib/puppet/x509/cert_provider.rb:211:in `load_private_key_from_pem' # ./lib/puppet/x509/cert_provider.rb:192:in `load_private_key' # ./spec/unit/x509/cert_provider_spec.rb:317:in `block (6 levels) in <top (required)>' # ./spec/unit/x509/cert_provider_spec.rb:316:in `block (5 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>' # ./spec/unit/x509/cert_provider_spec.rb:316:in `block (5 levels) in <top (required)>' # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
Finished in 39 minutes 8 seconds (files took 1 minute 18.98 seconds to load) 25119 examples, 17 failures, 66 pending
Failed examples:
rspec ./spec/integration/application/apply_spec.rb:621 # apply http report processor rejects an HTTPS report server whose root cert is not the puppet CA rspec ./spec/integration/http/client_spec.rb:48 # Puppet::HTTP::Client when verifying an HTTPS server raises if the server's CA is unknown rspec ./spec/integration/http/client_spec.rb:166 # Puppet::HTTP::Client with a system trust store raises if the server's CA is not in the context or system store rspec ./spec/integration/network/http_pool_spec.rb:66 # Puppet::Network::HttpPool when calling deprecated HttpPool methods when using persistent HTTPS connections raises if the server's CA is unknown rspec ./spec/integration/network/http_pool_spec.rb:214 # Puppet::Network::HttpPool when calling HttpPool.connection method raises if the server's CA is unknown rspec ./spec/unit/application/ssl_spec.rb:112 # Puppet::Application::Ssl when submitting a CSR generates an EC private key rspec ./spec/unit/provider/package/gem_spec.rb:60 # Puppet::Type::Package::ProviderGem installing myresource when installing on windows removes puppet/bin from PATH rspec ./spec/unit/ssl/certificate_request_spec.rb:314 # Puppet::SSL::CertificateRequest when generating should use SHA1 to sign the csr when SHA256 isn't available rspec ./spec/unit/ssl/certificate_request_spec.rb:323 # Puppet::SSL::CertificateRequest when generating should use SHA512 to sign the csr when SHA256 and SHA1 aren't available rspec ./spec/unit/ssl/certificate_request_spec.rb:334 # Puppet::SSL::CertificateRequest when generating should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available rspec ./spec/unit/ssl/certificate_request_spec.rb:346 # Puppet::SSL::CertificateRequest when generating should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available rspec ./spec/unit/ssl/certificate_request_spec.rb:196 # Puppet::SSL::CertificateRequest when generating with custom CSR attributes raises an error if an attribute cannot be created rspec ./spec/unit/ssl/certificate_request_spec.rb:270 # Puppet::SSL::CertificateRequest when generating with extension requests raises an error if the OID could not be created rspec ./spec/unit/ssl/ssl_provider_spec.rb:459 # Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if root CA's isCA basic constraint is false rspec ./spec/unit/ssl/ssl_provider_spec.rb:469 # Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if intermediate CA's isCA basic constraint is false rspec ./spec/unit/x509/cert_provider_spec.rb:279 # Puppet::X509::CertProvider when loading private keys using RSA raises without a password rspec ./spec/unit/x509/cert_provider_spec.rb:314 # Puppet::X509::CertProvider when loading private keys using EC raises without a password {noformat} |
|
|