Jira (PUP-3180) Puppet should deprecate the use of CRLs and move towards OCSP

5 views
Skip to first unread message

Jesse Endahl (JIRA)

unread,
Feb 11, 2015, 11:07:40 PM2/11/15
to puppe...@googlegroups.com
Jesse Endahl commented on New Feature PUP-3180
 
Re: Puppet should deprecate the use of CRLs and move towards OCSP

Is this still being worked on?
Add Comment Add Comment
 
This message was sent by Atlassian JIRA (v6.3.10#6340-sha1:7ea293a)
Atlassian logo

Josh Cooper (JIRA)

unread,
May 16, 2017, 5:42:03 PM5/16/17
to puppe...@googlegroups.com
Josh Cooper updated an issue
 
Puppet / New Feature PUP-3180
Change By: Josh Cooper
Labels: redmine  triaged
This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe)
Atlassian logo

Josh Cooper (JIRA)

unread,
May 16, 2017, 5:44:02 PM5/16/17
to puppe...@googlegroups.com
Josh Cooper commented on New Feature PUP-3180
 
Re: Puppet should deprecate the use of CRLs and move towards OCSP

I think we should keep this open to capture any agent changes needed to support OCSP.

Moses Mendoza (JIRA)

unread,
May 18, 2017, 1:44:56 PM5/18/17
to puppe...@googlegroups.com
Moses Mendoza updated an issue
 
Change By: Moses Mendoza
Labels: redmine  triaged

Sina Anvari (JIRA)

unread,
Jun 8, 2018, 5:21:08 AM6/8/18
to puppe...@googlegroups.com
This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93)
Atlassian logo

Josh Cooper (Jira)

unread,
Jun 1, 2021, 1:24:01 PM6/1/21
to puppe...@googlegroups.com
Josh Cooper commented on New Feature PUP-3180

There was an early attempt to add OCSP support to puppet in https://github.com/puppetlabs/puppet/pull/510. However, it relied on the indirector as the mechanism for making OCSP requests and it added OCSP support for both agents and servers (so the server could act as an OCSP responder). We've since decoupled the indirector from the http client, and dropped webrick & passenger support, so that PR would need to be reworked. Also it doesn't solve the OCSP stapling issue, as changes are needed in ruby's openssl bindings to support that (https://github.com/ruby/openssl/issues/295), and those settings will need to be exposed in Net::HTTP.
This message was sent by Atlassian Jira (v8.13.2#813002-sha1:c495a97)
Atlassian logo

David McTavish (Jira)

unread,
Dec 1, 2021, 11:16:02 AM12/1/21
to puppe...@googlegroups.com
David McTavish updated an issue
 
Change By: David McTavish
Labels: final_triage redmine
Reply all
Reply to author
Forward
0 new messages