[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, upstream, updated. 0.25.5-639-g8f94f35
James Turnbull
james at lovedthanlost.net
Wed Jul 14 10:29:33 UTC 2010
The following commit has been merged in the upstream branch:
commit 2d137e2e1ce603ee2727d66b1aba57458bf4d1be
Author: Luke Kanies <luke at madstop.com>
Date: Fri Sep 18 12:54:03 2009 -0700
Fixing #1507 - Adding a :ca_name setting
This allows one to specify the name to use in the
CA certificate. It defaults to the :certname,
but for those stuck using mod_ssl it can be changed.
Signed-off-by: Luke Kanies <luke at madstop.com>
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 4924f2c..ef194bc 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -284,6 +284,7 @@ module Puppet
)
setdefaults(:ca,
+ :ca_name => ["$certname", "The name to use the Certificate Authority certificate."],
:cadir => { :default => "$ssldir/ca",
:owner => "service",
:group => "service",
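Review bot: The help text on the new `:ca_name` line is missing a word and does not say where the value ends up. Since this string is what operators see when listing settings, something like `"The name to use for the Certificate Authority certificate's subject CN; defaults to $certname."` would be clearer. The `setdefaults(:ca, ...)` call continues past the end of the hunk, so the rest of the CA settings are not visible here.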
diff --git a/lib/puppet/ssl/certificate_request.rb b/lib/puppet/ssl/certificate_request.rb
index 6a0464a..4008aba 100644
--- a/lib/puppet/ssl/certificate_request.rb
+++ b/lib/puppet/ssl/certificate_request.rb
@@ -29,9 +29,14 @@ class Puppet::SSL::CertificateRequest < Puppet::SSL::Base
# Support either an actual SSL key, or a Puppet key.
key = key.content if key.is_a?(Puppet::SSL::Key)
+ # If we're a CSR for the CA, then use the real certname, rather than the
+ # fake 'ca' name. This is mostly for backward compatibility with 0.24.x,
+ # but it's also just a good idea.
+ common_name = name == Puppet::SSL::CA_NAME ? Puppet.settings[:ca_name] : name
+
csr = OpenSSL::X509::Request.new
csr.version = 0
- csr.subject = OpenSSL::X509::Name.new([["CN", name]])
+ csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
csr.public_key = key.public_key
csr.sign(key, OpenSSL::Digest::MD5.new)
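Review bot: The added comment above `common_name` says the CA request uses "the real certname", but the line reads `Puppet.settings[:ca_name]`, which only defaults to the certname and can be set to any value. The comment would be more accurate as `# A CSR for the CA takes its CN from the :ca_name setting (default: $certname), not the internal 'ca' name.` The setting's value goes into the subject unchecked, so a blank `:ca_name` would presumably yield a CA request with an empty CN; a guard such as `raise ArgumentError, "ca_name must not be empty" if common_name.to_s.empty?` before building the subject would surface that early. Separately, the unchanged `csr.sign(key, OpenSSL::Digest::MD5.new)` at the end of the hunk still signs the request with MD5, which is worth moving to a SHA-2 digest in a follow-up. The enclosing method starts and ends outside the hunk.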
diff --git a/spec/integration/defaults.rb b/spec/integration/defaults.rb
index fb00f86..0e9a03f 100755
--- a/spec/integration/defaults.rb
+++ b/spec/integration/defaults.rb
@@ -204,4 +204,9 @@ describe "Puppet defaults" do
Puppet.settings[:report_server].should == "report_server"
end
end
+
+ it "should have a :caname setting that defaults to the cert name" do
+ Puppet.settings[:certname] = "foo"
+ Puppet.settings[:ca_name].should == "foo"
+ end
end
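Review bot: The new example's description names the setting `:caname`, while the setting it checks is `:ca_name`; the line should read `it "should have a :ca_name setting that defaults to the cert name" do` so a failure message points at the real setting. The example also assigns `Puppet.settings[:certname] = "foo"` and nothing visible in the hunk restores it, so unless the suite resets settings between examples the value may leak into later specs. The enclosing `describe` block starts outside the hunk.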
diff --git a/spec/unit/ssl/certificate_request.rb b/spec/unit/ssl/certificate_request.rb
index 85e1d54..29bbc7b 100755
--- a/spec/unit/ssl/certificate_request.rb
+++ b/spec/unit/ssl/certificate_request.rb
@@ -117,6 +117,21 @@ describe Puppet::SSL::CertificateRequest do
@instance.generate(@key)
end
+ it "should set the CN to the CSR name when the CSR is not for a CA" do
+ subject = mock 'subject'
+ OpenSSL::X509::Name.expects(:new).with { |subject| subject[0][1] == @instance.name }.returns(subject)
+ @request.expects(:subject=).with(subject)
+ @instance.generate(@key)
+ end
+
+ it "should set the CN to the :ca_name setting when the CSR is for a CA" do
+ subject = mock 'subject'
+ Puppet.settings.expects(:value).with(:ca_name).returns "mycertname"
+ OpenSSL::X509::Name.expects(:new).with { |subject| subject[0][1] == "mycertname" }.returns(subject)
+ @request.expects(:subject=).with(subject)
+ Puppet::SSL::CertificateRequest.new(Puppet::SSL::CA_NAME).generate(@key)
+ end
+
it "should set the version to 0" do
@request.expects(:version=).with(0)
@instance.generate(@key)
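Review bot: In both new examples the block passed to `.with` names its parameter `subject`, the same as the local mock created one line earlier. On Ruby 1.8, where block parameters are not block-local, invoking the block rebinds the outer `subject` to the argument array. The expectations happen to be set up before that, but the shadowing is easy to trip over. Renaming the parameter keeps the two apart, for example `.with { |rdns| rdns[0][1] == "mycertname" }`. The second example also stubs `Puppet.settings.expects(:value).with(:ca_name)` while the code under test calls `Puppet.settings[:ca_name]`, so it relies on `[]` delegating to `value`; a one-line comment saying so would help the next reader.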
--
Puppet packaging for Debian