Bug #942
handling of certdnsnames broken
| Status: | Closed | Start date: | |
|---|---|---|---|
| Priority: | High | Due date: | |
| Assignee: | | % Done: | 0% |
| Category: | - | | |
| Target version: | 0.24.0 | | |
| Affected Puppet version: | 0.25.4 | Branch: | |
| Keywords: | | | |
| Votes: | 0 | | |
Description
certdnsnames in current HEAD is “:.:..:...:....:.....”
lib/puppet/sslcertificates.rb converts this on line 64 to the subjectAltName “DNS::, DNS:.:, DNS:..:, DNS:...:, DNS:....:, DNS:.....”, which has a few “:” too many. To fix this, apply this small patch:
diff --git a/lib/puppet/sslcertificates.rb b/lib/puppet/sslcertificates.rb
index 1139db0..e9d5441 100755
--- a/lib/puppet/sslcertificates.rb
+++ b/lib/puppet/sslcertificates.rb
@@ -61,7 +61,7 @@ module Puppet::SSLCertificates
key_usage = %w{cRLSign keyCertSign}
when :server:
basic_constraint = "CA:FALSE"
- hash[:dnsnames].each(':') { |d| subject_alt_name << 'DNS:' + d } if hash[:dnsnames]
+ hash[:dnsnames].split(':').each { |d| subject_alt_name << 'DNS:' + d } if hash[:dnsnames]
key_usage = %w{digitalSignature keyEncipherment}
ext_key_usage = %w{serverAuth clientAuth}
when :ocsp:
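Review bot: On the added `split(':')` line, each piece is appended to subject_alt_name unchecked, so a leading or doubled colon in hash[:dnsnames] still yields an empty piece and a bare `DNS:` entry (split only drops trailing empty fields). Suggest `hash[:dnsnames].split(':').reject { |d| d.empty? }` and a test covering a value with a trailing colon and one containing `::`, since these names end up in the server certificate's subjectAltName.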
I know there is a better fix for this whole SSL mess in the queue at #896, but this patch is needed to create a working CA on current HEAD ([8eecbe54c96cec0de492e7ae77211637b65057e8]).
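The conversion described in this report, as an added Ruby example that is not part of the ticket or of Puppet's code. Ruby 1.8's `String#each(':')` corresponds to `each_line(':')` in current Ruby; the function names, the sample value and the hostname validation are assumptions that go beyond the patch.

```ruby
require 'openssl'

# One hostname label: letters, digits, hyphen; no leading or trailing hyphen.
# Assumption: wildcard names are deliberately not accepted here.
LABEL = /\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z/i

# Pre-patch behaviour: each_line(':') yields every piece with its trailing
# separator still attached, so the colon leaks into the DNS entry.
def legacy_alt_names(dnsnames)
  names = []
  dnsnames.each_line(':') { |d| names << 'DNS:' + d }
  names.join(', ')
end

# Patched behaviour plus validation: split drops the separator, and empty or
# malformed names are rejected instead of being written into the certificate.
def alt_names(dnsnames)
  raise ArgumentError, 'certdnsnames is empty' if dnsnames.empty?
  dnsnames.split(':', -1).map do |name|
    labels = name.split('.', -1)
    valid = name.length <= 253 && !labels.empty? && labels.all? { |l| LABEL.match?(l) }
    raise ArgumentError, "invalid DNS name in certdnsnames: #{name.inspect}" unless valid
    'DNS:' + name
  end.join(', ')
end

# Build the X.509 extension from the validated list.
def alt_name_extension(dnsnames)
  factory = OpenSSL::X509::ExtensionFactory.new
  factory.create_extension('subjectAltName', alt_names(dnsnames), false)
end

if __FILE__ == $PROGRAM_NAME
  sample = 'puppet:puppet.example.com' # constructed sample value
  puts legacy_alt_names(sample)
  puts alt_names(sample)
  puts alt_name_extension(sample).value
end
```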
History
Updated by Luke Kanies over 4 years ago
- Status changed from 1 to Closed
- 7 set to fixed
Fixed in commit:5886d37af0429728db42faf7e950d971145a643b.