[SCM] Puppet - System Automation branch, 0.25.x, updated. 0.25.1-95-g0dc2dba

0 views
Skip to first unread message

git version control

unread,
Dec 18, 2009, 8:41:40 AM12/18/09
to puppet...@googlegroups.com
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Puppet - System Automation".

The branch, 0.25.x has been updated
via 0dc2dbafe65b59bfbb3ab66e26f595260bdde356 (commit)
from 03f37acaeb4c90d0256059fdc96f717077240811 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 0dc2dbafe65b59bfbb3ab66e26f595260bdde356
Author: Markus Roberts <Mar...@reality.com>
Date: Wed Dec 16 16:26:05 2009 -0800

Fix for #2890 (the cached certificates that would not die)

This patch implements the two-part suggestion from the ticket;

1) a client that receives a certificate that doesn't match its current
private key does not accept, store or use the certificate--instead it
removes any locally cached copies and acts as if the certificate had
never been found.

2) a puppetmaster that receives a csr from a client for whom it already
has a signed certificate now honors the request and considers it to
supercede any previously signed certificates.

In order to make the cache expiration work as expected, I changed a few
assumptions in the caching system:

* The expiration of a cached certificate is the earlier of the envelope
expiration and the certificate's expiration, as opposed to just overriding
the cache value
* Telling the cache to expire an item now removes it from the cache if
possible, rather than just setting an expiration date in the past and
hoping that somebody notices.

Signed-off-by: Markus Roberts <Mar...@reality.com>

-----------------------------------------------------------------------

Summary of changes:
lib/puppet/indirector/envelope.rb | 4 +-
lib/puppet/indirector/indirection.rb | 29 ++++++-------
lib/puppet/indirector/ssl_file.rb | 2 +-
lib/puppet/ssl/certificate.rb | 5 +-
lib/puppet/ssl/host.rb | 47 ++++++---------------
lib/puppet/sslcertificates/ca.rb | 11 +++--
spec/unit/indirector/indirection.rb | 47 +++++++++++++--------
spec/unit/ssl/host.rb | 76 ++++++++-------------------------
8 files changed, 86 insertions(+), 135 deletions(-)


hooks/post-receive
--
Puppet - System Automation

Reply all
Reply to author
Forward
0 new messages