Jira (PUP-11698) Test against Ruby 3.2 & OpenSSL 3 on Windows


Josh Cooper (Jira)

Jan 9, 2023, 6:49:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Puppet / Bug PUP-11698
Test against Ruby 3.2 & OpenSSL 3 on Windows
Change By: Josh Cooper
Summary: Test against Ruby 3.2 & OpenSSL 3 on Windows
 
This message was sent by Atlassian Jira (v8.20.11#820011-sha1:0629dd8)

Josh Cooper (Jira)

Jan 9, 2023, 6:50:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Currently getting these test failures on puppet#main with Ruby 3.2.0/OpenSSL3.0 on Windows.

Note the setup-ruby github action will automatically install OpenSSL3 when using Ruby 3.2, see https://github.com/ruby/setup-ruby/blob/319066216501fbd5e2d568f14b7d68c19fb67a5d/windows.js#L107-L111

For this ticket, resolve these failures and add ruby 3.2 to the GH action for Windows, similar to what was done in https://github.com/puppetlabs/facter/commit/335d8757bf4bad08d1194a595108382b1a39bd91

{noformat}
C:\Users\Administrator\puppet>git rev-parse HEAD
178ff2e2e0508edd90b577b0d79cbe55f172da1c

C:\Users\Administrator\puppet>bundle exec rspec spec
...
1) apply http report processor rejects an HTTPS report server whose root cert is not the puppet CA
     Failure/Error:
       expect {
         apply.command_line.args = ['-e', 'notify { "hi": }']
         apply.run
       }.to exit_with(0)
        .and output(/Applied catalog/).to_stdout
        .and output(/Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/).to_stderr

       expected block to output /Report processor failed: certificate verify failed \[self signed certificate in certificate chain for CN=Unknown CA\]/ to stderr, but output "\e[1;31mError: Report processor failed: certificate verify failed [self-signed certificate in certificate chain for CN=Unknown CA]\e[0m\n"
     # ./spec/integration/application/apply_spec.rb:627:in `block (4 levels) in <top (required)>'
     # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
     # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
     # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
     # ./spec/integration/application/apply_spec.rb:622:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  2) Puppet::HTTP::Client when verifying an HTTPS server raises if the server's CA is unknown
     Failure/Error:
       expect {
         client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: alt_context})
       }.to raise_error(Puppet::SSL::CertVerifyError,
                     %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})

       expected Puppet::SSL::CertVerifyError with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace:
         # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error'
         # ./lib/puppet/http/pool.rb:66:in `rescue in start'
         # ./lib/puppet/http/pool.rb:62:in `start'
         # ./lib/puppet/http/pool.rb:107:in `borrow'
         # ./lib/puppet/http/pool.rb:22:in `with_connection'
         # ./lib/puppet/http/client.rb:149:in `connect'
         # ./lib/puppet/http/client.rb:366:in `execute_streaming'
         # ./lib/puppet/http/client.rb:203:in `get'
         # ./spec/integration/http/client_spec.rb:54:in `block (5 levels) in <top (required)>'
         # ./spec/integration/http/client_spec.rb:53:in `block (4 levels) in <top (required)>'
         # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
         # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
         # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
         # ./spec/integration/http/client_spec.rb:52:in `block (3 levels) in <top (required)>'
         # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
     # ./spec/integration/http/client_spec.rb:53:in `block (4 levels) in <top (required)>'
     # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
     # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
     # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
     # ./spec/integration/http/client_spec.rb:52:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  3) Puppet::HTTP::Client with a system trust store raises if the server's CA is not in the context or system store
     Failure/Error:
       expect {
         client.get(URI("https://127.0.0.1:#{port}"), options: {ssl_context: system_context})
       }.to raise_error(Puppet::SSL::CertVerifyError,
                     %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})

       expected Puppet::SSL::CertVerifyError with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace:
         # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error'
         # ./lib/puppet/http/pool.rb:66:in `rescue in start'
         # ./lib/puppet/http/pool.rb:62:in `start'
         # ./lib/puppet/http/pool.rb:107:in `borrow'
         # ./lib/puppet/http/pool.rb:22:in `with_connection'
         # ./lib/puppet/http/client.rb:149:in `connect'
         # ./lib/puppet/http/client.rb:366:in `execute_streaming'
         # ./lib/puppet/http/client.rb:203:in `get'
         # ./spec/integration/http/client_spec.rb:171:in `block (5 levels) in <top (required)>'
         # ./spec/integration/http/client_spec.rb:170:in `block (4 levels) in <top (required)>'
         # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
         # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
         # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
         # ./spec/integration/http/client_spec.rb:169:in `block (3 levels) in <top (required)>'
         # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
     # ./spec/integration/http/client_spec.rb:170:in `block (4 levels) in <top (required)>'
     # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
     # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
     # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
     # ./spec/integration/http/client_spec.rb:169:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  4) Puppet::Network::HttpPool when calling deprecated HttpPool methods when using persistent HTTPS connections raises if the server's CA is unknown
     Failure/Error:
       expect {
         http.get('/')
       }.to raise_error(Puppet::Error,
                     %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})

       expected Puppet::Error with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace:
         # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error'
         # ./lib/puppet/http/pool.rb:66:in `rescue in start'
         # ./lib/puppet/http/pool.rb:62:in `start'
         # ./lib/puppet/http/pool.rb:107:in `borrow'
         # ./lib/puppet/http/pool.rb:22:in `with_connection'
         # ./lib/puppet/http/client.rb:149:in `connect'
         # ./lib/puppet/http/client.rb:366:in `execute_streaming'
         # ./lib/puppet/http/client.rb:203:in `get'
         # ./lib/puppet/network/http/connection.rb:102:in `block in get'
         # ./lib/puppet/network/http/connection.rb:274:in `with_error_handling'
         # ./lib/puppet/network/http/connection.rb:101:in `get'
         # ./spec/integration/network/http_pool_spec.rb:78:in `block (6 levels) in <top (required)>'
         # ./spec/integration/network/http_pool_spec.rb:77:in `block (5 levels) in <top (required)>'
         # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
         # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
         # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
         # ./spec/integration/network/http_pool_spec.rb:75:in `block (4 levels) in <top (required)>'
         # ./spec/integration/network/http_pool_spec.rb:97:in `block (4 levels) in <top (required)>'
         # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
     Shared Example Group: "HTTPS client" called from ./spec/integration/network/http_pool_spec.rb:103
     # ./spec/integration/network/http_pool_spec.rb:77:in `block (5 levels) in <top (required)>'
     # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
     # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
     # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
     # ./spec/integration/network/http_pool_spec.rb:75:in `block (4 levels) in <top (required)>'
     # ./spec/integration/network/http_pool_spec.rb:97:in `block (4 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  5) Puppet::Network::HttpPool when calling HttpPool.connection method raises if the server's CA is unknown
     Failure/Error:
       expect {
         http.get('/')
       }.to raise_error(Puppet::Error,
                     %r{certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA.})

       expected Puppet::Error with message matching /certificate verify failed.* .self signed certificate in certificate chain for CN=Test CA./, got #<Puppet::SSL::CertVerifyError: certificate verify failed [self-signed certificate in certificate chain for CN=Test CA]> with backtrace:
         # ./lib/puppet/ssl/verifier.rb:65:in `handle_connection_error'
         # ./lib/puppet/http/pool.rb:66:in `rescue in start'
         # ./lib/puppet/http/pool.rb:62:in `start'
         # ./lib/puppet/http/pool.rb:107:in `borrow'
         # ./lib/puppet/http/pool.rb:22:in `with_connection'
         # ./lib/puppet/http/client.rb:149:in `connect'
         # ./lib/puppet/http/client.rb:366:in `execute_streaming'
         # ./lib/puppet/http/client.rb:203:in `get'
         # ./lib/puppet/network/http/connection.rb:102:in `block in get'
         # ./lib/puppet/network/http/connection.rb:274:in `with_error_handling'
         # ./lib/puppet/network/http/connection.rb:101:in `get'
         # ./spec/integration/network/http_pool_spec.rb:220:in `block (5 levels) in <top (required)>'
         # ./spec/integration/network/http_pool_spec.rb:219:in `block (4 levels) in <top (required)>'
         # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
         # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
         # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
         # ./spec/integration/network/http_pool_spec.rb:215:in `block (3 levels) in <top (required)>'
         # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
     # ./spec/integration/network/http_pool_spec.rb:219:in `block (4 levels) in <top (required)>'
     # ./spec/lib/puppet_spec/https.rb:81:in `block in start_server'
     # ./spec/lib/puppet_spec/https.rb:41:in `pipe'
     # ./spec/lib/puppet_spec/https.rb:41:in `start_server'
     # ./spec/integration/network/http_pool_spec.rb:215:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  6) Puppet::Application::Ssl when submitting a CSR generates an EC private key
     Failure/Error: raise Puppet::Error.new(_("Failed to submit certificate request: %{message}") % { message: e.message }, e)

     Puppet::Error:
       Failed to submit certificate request: pkeys are immutable on OpenSSL 3.0
     # ./lib/puppet/application/ssl.rb:187:in `rescue in submit_request'
     # ./lib/puppet/application/ssl.rb:162:in `submit_request'
     # ./lib/puppet/application/ssl.rb:127:in `main'
     # ./lib/puppet/application.rb:437:in `run_command'
     # ./spec/unit/application/ssl_spec.rb:40:in `block in expects_command_to_pass'
     # ./spec/unit/application/ssl_spec.rb:39:in `expects_command_to_pass'
     # ./spec/unit/application/ssl_spec.rb:119:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # OpenSSL::PKey::PKeyError:
     #   pkeys are immutable on OpenSSL 3.0
     #   ./lib/puppet/ssl/certificate_request.rb:73:in `public_key='

  7) Puppet::Type::Package::ProviderGem installing myresource when installing on windows removes puppet/bin from PATH
     Failure/Error: execute(cmd, {:failonfail => true, :combine => true, :custom_environment => custom_environment})

       #<Puppet::Type::Package::ProviderGem (class)> received :execute with unexpected arguments
         expected: (anything, hash_including(:custom_environment=>"hash_including(:PATH=>\"C:\\\\Program Files\\\\Puppet Labs\\\\Puppet\\\\bin;C:\\\\Ruby26-x64\\\\bin;C:\\\\Windows\\\\system32\\\\bin\")"))
              got: (["/provider/gem", ["install", "--no-rdoc", "--no-ri", "myresource"]], {:combine=>true, :custom_environment=>{"HOME"=>nil, :PATH=>"C:/Ruby32-x64/lib/ruby/gems/3.2.0/bin;C:\...ocolatey\\bin;C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\WindowsApps"}, :failonfail=>true})
       Diff:
       @@ -1,3 +1,8 @@
       -["anything",
       - "hash_including(:custom_environment=>\"hash_including(:PATH=>\\\"C:\\\\\\\\Program Files\\\\\\\\Puppet Labs\\\\\\\\Puppet\\\\\\\\bin;C:\\\\\\\\Ruby26-x64\\\\\\\\bin;C:\\\\\\\\Windows\\\\\\\\system32\\\\\\\\bin\\\")\")"]
       +[["/provider/gem", ["install", "--no-rdoc", "--no-ri", "myresource"]],
       + {:combine=>true,
       +  :custom_environment=>
       +   {"HOME"=>nil,
       +    :PATH=>
       +     "C:/Ruby32-x64/lib/ruby/gems/3.2.0/bin;C:\\Ruby32-x64\\bin;C:\\Ruby32-x64\\msys64\\ucrt64\\bin;C:\\Ruby32-x64\\msys64\\usr\\bin;C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\;C:\\Windows\\System32\\OpenSSH\\;C:\\Packer\\SysInternals;C:\\Program Files\\Git\\cmd;C:\\Program Files\\PowerShell\\7\\;C:\\ProgramData\\chocolatey\\bin;C:\\Users\\Administrator\\AppData\\Local\\Microsoft\\WindowsApps"},
       +  :failonfail=>true}]

     # ./lib/puppet/provider/package/gem.rb:82:in `execute_gem_command'
     # ./lib/puppet/provider/package/gem.rb:251:in `install'
     # ./spec/unit/provider/package/gem_spec.rb:67:in `block (5 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  8) Puppet::SSL::CertificateRequest when generating should use SHA1 to sign the csr when SHA256 isn't available
     Failure/Error: content.sign(key, @digest.new)

     OpenSSL::X509::RequestError:
       internal error
     # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
     # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
     # ./spec/unit/ssl/certificate_request_spec.rb:319:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  9) Puppet::SSL::CertificateRequest when generating should use SHA512 to sign the csr when SHA256 and SHA1 aren't available
     Failure/Error: content.sign(key, @digest.new)

     OpenSSL::X509::RequestError:
       internal error
     # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
     # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
     # ./spec/unit/ssl/certificate_request_spec.rb:330:in `block (3 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  10) Puppet::SSL::CertificateRequest when generating should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available
      Failure/Error: content.sign(key, @digest.new)

      OpenSSL::X509::RequestError:
        internal error
      # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
      # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
      # ./spec/unit/ssl/certificate_request_spec.rb:342:in `block (3 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  11) Puppet::SSL::CertificateRequest when generating should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available
      Failure/Error: content.sign(key, @digest.new)

      OpenSSL::X509::RequestError:
        internal error
      # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
      # ./lib/puppet/ssl/certificate_signer.rb:37:in `sign'
      # ./spec/unit/ssl/certificate_request_spec.rb:354:in `block (3 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  12) Puppet::SSL::CertificateRequest when generating with custom CSR attributes raises an error if an attribute cannot be created
      Failure/Error:
        expect do
          request.generate(key, :csr_attributes => csr_attributes)
        end.to raise_error Puppet::Error, /Cannot create CSR with attribute thats\.no\.moon: first num too large/

        expected Puppet::Error with message matching /Cannot create CSR with attribute thats\.no\.moon: first num too large/, got #<Puppet::Error: Cannot create CSR with attribute thats.no.moon: unknown object name> with backtrace:
          # ./lib/puppet/ssl/certificate_request.rb:224:in `oid='
          # ./lib/puppet/ssl/certificate_request.rb:224:in `initialize'
          # ./lib/puppet/ssl/certificate_request.rb:224:in `new'
          # ./lib/puppet/ssl/certificate_request.rb:224:in `block in add_csr_attributes'
          # ./lib/puppet/ssl/certificate_request.rb:215:in `each'
          # ./lib/puppet/ssl/certificate_request.rb:215:in `add_csr_attributes'
          # ./lib/puppet/ssl/certificate_request.rb:80:in `generate'
          # ./spec/unit/ssl/certificate_request_spec.rb:200:in `block (5 levels) in <top (required)>'
          # ./spec/unit/ssl/certificate_request_spec.rb:199:in `block (4 levels) in <top (required)>'
          # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
      # ./spec/unit/ssl/certificate_request_spec.rb:199:in `block (4 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  13) Puppet::SSL::CertificateRequest when generating with extension requests raises an error if the OID could not be created
      Failure/Error:
        expect do
          request.generate(key, :extension_requests => exts)
        end.to raise_error Puppet::Error, /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/

        expected Puppet::Error with message matching /Cannot create CSR with extension request thats\.no\.moon.*: first num too large/, got #<Puppet::Error: Cannot create CSR with extension request thats.no.moon: OBJ_txt2obj: unknown object name> with backtrace:
          # ./lib/puppet/ssl/certificate_request.rb:247:in `oid='
          # ./lib/puppet/ssl/certificate_request.rb:247:in `initialize'
          # ./lib/puppet/ssl/certificate_request.rb:247:in `new'
          # ./lib/puppet/ssl/certificate_request.rb:247:in `block in extension_request_attribute'
          # ./lib/puppet/ssl/certificate_request.rb:241:in `each_pair'
          # ./lib/puppet/ssl/certificate_request.rb:241:in `extension_request_attribute'
          # ./lib/puppet/ssl/certificate_request.rb:83:in `generate'
          # ./spec/unit/ssl/certificate_request_spec.rb:273:in `block (5 levels) in <top (required)>'
          # ./spec/unit/ssl/certificate_request_spec.rb:272:in `block (4 levels) in <top (required)>'
          # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
      # ./spec/unit/ssl/certificate_request_spec.rb:272:in `block (4 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  14) Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if root CA's isCA basic constraint is false
      Failure/Error:
        expect {
          subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
        }.to raise_error(Puppet::SSL::CertVerifyError,
                     "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate")

        expected Puppet::SSL::CertVerifyError with "Certificate 'CN=Test CA' failed verification (24): invalid CA certificate", got #<Puppet::SSL::CertVerifyError: Certificate 'CN=Test CA' failed verification (79): invalid CA certificate> with backtrace:
          # ./lib/puppet/ssl/ssl_provider.rb:348:in `raise_cert_verify_error'
          # ./lib/puppet/ssl/ssl_provider.rb:311:in `verify_cert_with_store'
          # ./lib/puppet/ssl/ssl_provider.rb:280:in `resolve_client_chain'
          # ./lib/puppet/ssl/ssl_provider.rb:153:in `create_context'
          # ./spec/unit/ssl/ssl_provider_spec.rb:463:in `block (4 levels) in <top (required)>'
          # ./spec/unit/ssl/ssl_provider_spec.rb:462:in `block (3 levels) in <top (required)>'
          # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
      # ./spec/unit/ssl/ssl_provider_spec.rb:462:in `block (3 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  15) Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if intermediate CA's isCA basic constraint is false
      Failure/Error:
        expect {
          subject.create_context(**config.merge(cacerts: certs, crls: [], revocation: false))
        }.to raise_error(Puppet::SSL::CertVerifyError,
                     "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate")

        expected Puppet::SSL::CertVerifyError with "Certificate 'CN=Test CA Subauthority' failed verification (24): invalid CA certificate", got #<Puppet::SSL::CertVerifyError: Certificate 'CN=Test CA Subauthority' failed verification (79): invalid CA certificate> with backtrace:
          # ./lib/puppet/ssl/ssl_provider.rb:348:in `raise_cert_verify_error'
          # ./lib/puppet/ssl/ssl_provider.rb:311:in `verify_cert_with_store'
          # ./lib/puppet/ssl/ssl_provider.rb:280:in `resolve_client_chain'
          # ./lib/puppet/ssl/ssl_provider.rb:153:in `create_context'
          # ./spec/unit/ssl/ssl_provider_spec.rb:473:in `block (4 levels) in <top (required)>'
          # ./spec/unit/ssl/ssl_provider_spec.rb:472:in `block (3 levels) in <top (required)>'
          # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
      # ./spec/unit/ssl/ssl_provider_spec.rb:472:in `block (3 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  16) Puppet::X509::CertProvider when loading private keys using RSA raises without a password
      Failure/Error:
        expect {
          provider.load_private_key('encrypted-key')
        }.to raise_error(OpenSSL::PKey::PKeyError, /Could not parse PKey: no start line/)

        expected OpenSSL::PKey::PKeyError with message matching /Could not parse PKey: no start line/, got #<OpenSSL::PKey::PKeyError: Could not parse PKey: bad decrypt> with backtrace:
          # ./lib/puppet/x509/cert_provider.rb:211:in `read'
          # ./lib/puppet/x509/cert_provider.rb:211:in `load_private_key_from_pem'
          # ./lib/puppet/x509/cert_provider.rb:192:in `load_private_key'
          # ./spec/unit/x509/cert_provider_spec.rb:282:in `block (6 levels) in <top (required)>'
          # ./spec/unit/x509/cert_provider_spec.rb:281:in `block (5 levels) in <top (required)>'
          # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
      # ./spec/unit/x509/cert_provider_spec.rb:281:in `block (5 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

  17) Puppet::X509::CertProvider when loading private keys using EC raises without a password
      Failure/Error:
        expect {
          provider.load_private_key('encrypted-ec-key')
        }.to raise_error(OpenSSL::PKey::PKeyError, /(unknown|invalid) curve name|Could not parse PKey: no start line/)

        expected OpenSSL::PKey::PKeyError with message matching /(unknown|invalid) curve name|Could not parse PKey: no start line/, got #<OpenSSL::PKey::PKeyError: Could not parse PKey: bad decrypt> with backtrace:
          # ./lib/puppet/x509/cert_provider.rb:211:in `read'
          # ./lib/puppet/x509/cert_provider.rb:211:in `load_private_key_from_pem'
          # ./lib/puppet/x509/cert_provider.rb:192:in `load_private_key'
          # ./spec/unit/x509/cert_provider_spec.rb:317:in `block (6 levels) in <top (required)>'
          # ./spec/unit/x509/cert_provider_spec.rb:316:in `block (5 levels) in <top (required)>'
          # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
      # ./spec/unit/x509/cert_provider_spec.rb:316:in `block (5 levels) in <top (required)>'
      # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'

Finished in 39 minutes 8 seconds (files took 1 minute 18.98 seconds to load)
25119 examples, 17 failures, 66 pending

Failed examples:

rspec ./spec/integration/application/apply_spec.rb:621 # apply http report processor rejects an HTTPS report server whose root cert is not the puppet CA
rspec ./spec/integration/http/client_spec.rb:48 # Puppet::HTTP::Client when verifying an HTTPS server raises if the server's CA is unknown
rspec ./spec/integration/http/client_spec.rb:166 # Puppet::HTTP::Client with a system trust store raises if the server's CA is not in the context or system store
rspec ./spec/integration/network/http_pool_spec.rb:66 # Puppet::Network::HttpPool when calling deprecated HttpPool methods when using persistent HTTPS connections raises if the server's CA is unknown
rspec ./spec/integration/network/http_pool_spec.rb:214 # Puppet::Network::HttpPool when calling HttpPool.connection method raises if the server's CA is unknown
rspec ./spec/unit/application/ssl_spec.rb:112 # Puppet::Application::Ssl when submitting a CSR generates an EC private key
rspec ./spec/unit/provider/package/gem_spec.rb:60 # Puppet::Type::Package::ProviderGem installing myresource when installing on windows removes puppet/bin from PATH
rspec ./spec/unit/ssl/certificate_request_spec.rb:314 # Puppet::SSL::CertificateRequest when generating should use SHA1 to sign the csr when SHA256 isn't available
rspec ./spec/unit/ssl/certificate_request_spec.rb:323 # Puppet::SSL::CertificateRequest when generating should use SHA512 to sign the csr when SHA256 and SHA1 aren't available
rspec ./spec/unit/ssl/certificate_request_spec.rb:334 # Puppet::SSL::CertificateRequest when generating should use SHA384 to sign the csr when SHA256/SHA1/SHA512 aren't available
rspec ./spec/unit/ssl/certificate_request_spec.rb:346 # Puppet::SSL::CertificateRequest when generating should use SHA224 to sign the csr when SHA256/SHA1/SHA512/SHA384 aren't available
rspec ./spec/unit/ssl/certificate_request_spec.rb:196 # Puppet::SSL::CertificateRequest when generating with custom CSR attributes raises an error if an attribute cannot be created
rspec ./spec/unit/ssl/certificate_request_spec.rb:270 # Puppet::SSL::CertificateRequest when generating with extension requests raises an error if the OID could not be created
rspec ./spec/unit/ssl/ssl_provider_spec.rb:459 # Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if root CA's isCA basic constraint is false
rspec ./spec/unit/ssl/ssl_provider_spec.rb:469 # Puppet::SSL::SSLProvider when creating an ssl context with client certs raises if intermediate CA's isCA basic constraint is false
rspec ./spec/unit/x509/cert_provider_spec.rb:279 # Puppet::X509::CertProvider when loading private keys using RSA raises without a password
rspec ./spec/unit/x509/cert_provider_spec.rb:314 # Puppet::X509::CertProvider when loading private keys using EC raises without a password
{noformat}
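
Most of the failures above trace back to three OpenSSL 3 changes: reworded verify messages ("self signed" became "self-signed"), a renumbered verify code for "invalid CA certificate" (24 became 79), and immutable pkeys. The following Ruby script is an added example, not Puppet's code or the fix for this ticket; the helper names and test certificates are constructed for illustration. It shows checks that hold on either OpenSSL version by comparing against the `OpenSSL::X509::V_ERR_*` constants instead of literal numbers or exact message text.

```ruby
require 'openssl'

# Accepts both the OpenSSL 1.1.1 wording ("self signed") and the OpenSSL 3
# wording ("self-signed") seen in the log above.
SELF_SIGNED_IN_CHAIN = /self[- ]signed certificate in certificate chain/

# Generate the EC key in one step. EC setters such as public_key= and
# generate_key! raise "pkeys are immutable on OpenSSL 3.0".
def new_ec_key(curve = 'prime256v1')
  OpenSSL::PKey::EC.generate(curve)
end

# Build a CSR by handing the key object itself to the request; only the
# public half is embedded, and no second key object has to be mutated.
def build_csr(cn, key)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', cn]])
  csr.public_key = key
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Constructed test certificate. With no issuer it is self-signed.
def build_cert(cn, key, ca:, issuer: nil, issuer_key: nil)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.new([['CN', cn]])
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  factory = OpenSSL::X509::ExtensionFactory.new
  constraint = ca ? 'CA:TRUE' : 'CA:FALSE'
  cert.add_extension(factory.create_extension('basicConstraints', constraint, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Verify leaf against the trusted roots, with optional untrusted chain certs.
def verify_chain(leaf, trusted: [], untrusted: [])
  store = OpenSSL::X509::Store.new
  trusted.each { |cert| store.add_cert(cert) }
  ok = store.verify(leaf, untrusted)
  { ok: ok, code: store.error, message: store.error_string }
end

# Classify by constant: the numeric value of V_ERR_INVALID_CA depends on the
# OpenSSL version the Ruby extension was built against.
def classify(result)
  return :ok if result[:ok]

  case result[:code]
  when OpenSSL::X509::V_ERR_INVALID_CA then :invalid_ca
  when OpenSSL::X509::V_ERR_SELF_SIGNED_CERT_IN_CHAIN then :untrusted_root
  else :other
  end
end

def demo_results
  ca_key = new_ec_key
  leaf_key = new_ec_key
  good_root = build_cert('Test CA', ca_key, ca: true)
  bad_root = build_cert('Test CA', ca_key, ca: false) # isCA is false
  leaf = build_cert('leaf', leaf_key, ca: false, issuer: good_root, issuer_key: ca_key)

  unknown = verify_chain(leaf, untrusted: [good_root]) # root sent, not trusted
  {
    trusted: classify(verify_chain(leaf, trusted: [good_root])),
    root_not_ca: classify(verify_chain(leaf, trusted: [bad_root])),
    unknown_ca: classify(unknown),
    unknown_ca_message: unknown[:message],
    csr_ok: build_csr('agent', leaf_key).verify(leaf_key)
  }
end

if __FILE__ == $PROGRAM_NAME
  puts OpenSSL::OPENSSL_LIBRARY_VERSION
  p demo_results
end
```
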

Josh Cooper (Jira)

Jan 9, 2023, 7:02:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
This ticket is blocked on PUP-11699, to ensure rspec tests pass when using Ruby 3.2 and OpenSSL 3.0 on Ubuntu.

For this ticket, add ruby 3.2.0 to the
is resolved,
Currently getting these test failures on puppet#main with Ruby 3.2.0/OpenSSL3.0 on Windows.

Josh Cooper (Jira)

Jan 9, 2023, 7:04:02 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
This ticket is blocked on PUP-11699, to ensure rspec tests pass when using Ruby 3.2 and OpenSSL 3.0 on Ubuntu.

For this ticket, add ruby 3.2.0 to the rspec GH action, similar to what was done in https://github.com/puppetlabs/facter/commit/335d8757bf4bad08d1194a595108382b1a39bd91

Note the setup-ruby github action will automatically install OpenSSL3 when using Ruby 3.2, see https://github.com/ruby/setup-ruby/blob/319066216501fbd5e2d568f14b7d68c19fb67a5d/windows.js#L107-L111

There are likely some Windows-specific rspec failures when running Ruby 3.2 and OpenSSL, which will need to be fixed.

Josh Cooper (Jira)

Jan 11, 2023, 6:56:02 PM
to puppe...@googlegroups.com

Josh Cooper (Jira)

Jan 12, 2023, 8:00:05 PM
to puppe...@googlegroups.com
Josh Cooper assigned an issue to Josh Cooper
Change By: Josh Cooper
Assignee: Josh Cooper

Josh Cooper (Jira)

Jan 12, 2023, 8:25:03 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Sprint: Phoenix 2023-01-18

Josh Cooper (Jira)

Jan 13, 2023, 3:24:01 PM
to puppe...@googlegroups.com
Josh Cooper commented on Bug PUP-11698
 
Re: Test against Ruby 3.2 & OpenSSL 3 on Windows

My PR passed the GH action, but then the action failed with:

  1) Puppet::Util::Windows::Registry#values when reading values should return REG_MULTI_SZ values
     Failure/Error: expect(written).to eq(pair[:value])
       expected: ["string1", "string2"]
            got: ["string1", "string2", "Ā"]
       (compared using ==)
     # ./spec/integration/util/windows/registry_spec.rb:202:in `block (6 levels) in <top (required)>'
     # ./spec/integration/util/windows/registry_spec.rb:193:in `block (5 levels) in <top (required)>'
     # ./spec/spec_helper.rb:180:in `block (2 levels) in <top (required)>'
     # util/rspec_runner:44:in `run'
     # util/rspec_runner:59:in `<main>'
Finished in 2 minutes 20.2 seconds (files took 51.18 seconds to load)

Rekicking to see if it's a transient

Josh Cooper (Jira)

Apr 13, 2023, 12:24:01 PM
to puppe...@googlegroups.com
Josh Cooper updated an issue
Change By: Josh Cooper
Release Notes: Not Needed