[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, upstream, updated. 0.25.5-639-g8f94f35

Markus Roberts Markus at reality.com
Wed Jul 14 10:36:47 UTC 2010


The following commit has been merged in the upstream branch:
commit b7e2580ab49ecdb67fc9b522829c005fc3750fbe
Author: Nick Lewis <nick at puppetlabs.com>
Date:   Wed Jul 7 17:01:54 2010 -0700

    [#3169] Adds more debugging to SSL cert verification
    
    This patch (via Nicholas Veeser) adds more debugging when SSL cert
    verification fails.

diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index 4789d47..244f18b 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -58,6 +58,20 @@ module Puppet::Network::HttpPool
         http.cert = ssl_host.certificate.content
         http.verify_mode = OpenSSL::SSL::VERIFY_PEER
         http.key = ssl_host.key.content
+        if Puppet[:debug]
+            http.verify_callback = self.method(:ssl_verify_callback).to_proc
+        end
+    end
+    
+    def self.ssl_verify_callback(peer_ok, x509_store_ctx)
+        if not peer_ok
+            Puppet.debug "OpenSSL: Error(#{x509_store_ctx.error}): #{x509_store_ctx.error_string}"
+            Puppet.debug "OpenSSL: Cert: #{x509_store_ctx.current_cert.issuer}"
+            Puppet.debug "OpenSSL: Current CRL: #{x509_store_ctx.current_crl}"
+            Puppet.debug "OpenSSL: Chain:"
+            x509_store_ctx.chain.each_index { |i| Puppet.debug "OpenSSL: \t#{i} #{x509_store_ctx.chain[i].issuer}" }
+        end
+        peer_ok
     end
 
     # Retrieve a cached http instance if caching is enabled, else return
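Review bot: In ssl_verify_callback the "OpenSSL: Cert:" line and every chain entry print only `issuer`, so the log names the signing CA but not the certificate that failed verification. Print `x509_store_ctx.current_cert.subject` (and `chain[i].subject`) next to the issuer, and add `x509_store_ctx.error_depth` so the failing position in the chain is explicit. The "Current CRL:" line interpolates the CRL object directly; logging its issuer and update times, and skipping the line when `current_crl` is nil, would be easier to read. Returning `peer_ok` unchanged is the right behaviour because the callback then cannot turn a failed verification into a pass; a one-line comment above `peer_ok` saying so would guard against a later edit returning true here. The method also has no doc comment explaining that it is only installed when `Puppet[:debug]` is set.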

-- 
Puppet packaging for Debian


