Bug #1418
Puppetmasters don't honor cert revocation list
| Status: | Closed | Start date: | 07/12/2008 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Affected Puppet version: | 0.24.4 | Branch: | |
| Keywords: | | | |
| Votes: | 0 | | |
Description
Steps to reproduce:

Assume puppetmaster and puppetca are two different machines.

1. client.example.com gets cert from puppetca and can pull catalog from puppetmaster.example.com
2. On puppetca.example.com, run puppetca revoke client.example.com
3. Copy ca_crl.pem from puppetca.example.com to puppetmaster.example.com
4. Confirm puppet.conf has set cacrl to point to the ca_crl.pem file and restart puppetmaster on puppetmaster.example.com
5. Run puppet client again on client.example.com. It will still pull catalog and run just fine.
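
A check that fits the CRL-copy and cacrl steps of the report, added here as an example and not part of the ticket or of Puppet: it confirms that a CRL file actually lists a given certificate's serial, which rules out a stale copy on the puppetmaster before concluding that the master ignores the file. The function names and the throwaway CA built by `build_constructed_pki` are assumptions for the demo; on a real master, pass the file that cacrl points to and the client's certificate.

```shell
# Exit 0 if the serial of certificate $2 is listed in CRL $1, 1 if not, 2 on read errors.
crl_lists_cert() {
    serial=$(openssl x509 -noout -serial -in "$2" 2>/dev/null | cut -d= -f2)
    [ -n "$serial" ] || return 2
    listing=$(openssl crl -noout -text -in "$1" 2>/dev/null) || return 2
    printf '%s\n' "$listing" | grep -q "Serial Number: ${serial}\$"
}

# Constructed sample data: a throwaway CA, one client certificate, and a CRL
# generated before and after revoking that certificate, all written to directory $1.
build_constructed_pki() (
    cd "$1" || exit 1
    cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
[ ca ]
default_ca = demo
[ demo ]
database = index.txt
new_certs_dir = .
serial = serial
default_md = sha256
default_days = 1
default_crl_days = 1
policy = pol
[ pol ]
commonName = supplied
EOF
    : > index.txt && echo 01 > serial || exit 1
    ca="openssl ca -batch -config ca.cnf -cert ca.pem -keyfile ca.key"
    openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key \
        -out ca.pem -subj "/CN=constructed-ca" -days 1 &&
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes -keyout client.key \
        -out client.csr -subj "/CN=client.example.com" &&
    $ca -in client.csr -out client.pem -notext &&
    $ca -gencrl -out crl_before.pem &&
    $ca -revoke client.pem &&
    $ca -gencrl -out crl_after.pem
) >/dev/null 2>&1

# Demo: the CRL issued before revocation must not list the client, the later one must.
dir=$(mktemp -d) && build_constructed_pki "$dir"
for crl in crl_before.pem crl_after.pem; do
    if crl_lists_cert "$dir/$crl" "$dir/client.pem"; then echo "$crl: client serial is revoked"
    else echo "$crl: client serial not listed"; fi
done
```

If the copied file lists the serial and the client can still pull a catalog, the CRL content is not the cause and the master's handling of cacrl is.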
History
Updated by James Turnbull almost 4 years ago
- Status changed from Unreviewed to Accepted
Updated by Nigel Kersten over 1 year ago
- Status changed from Accepted to Closed
- Assignee set to Nigel Kersten
As per the below thread, we’re more aggressively closing tickets whose state is unsure, particularly old tickets with little to no inactivity in a long time.
You are free to reopen them.
http://groups.google.com/group/puppet-users/browse_thread/thread/a040cb9bc5c5b647