[Pkg-puppet-devel] Bug#682590: puppetmaster: puppet stopped working for existing certificates that contain / in their subject

Stefanos Harhalakis v13 at v13.gr
Mon Jul 23 22:51:19 UTC 2012

Package: puppetmaster
Version: 2.7.18-1
Severity: important
Tags: upstream

Dear Maintainer,

Since the latest upgrade I've been bitten by puppet bug #15561


The following used to work just fine:

# puppet kick XXXX
Triggering XXXX
Host XXXX failed: Certname
"... subject ..." must not contain unprintable or non-ASCII characters
XXXX finished with exit code 2
Failed: XXXX

I am using a custom (not managed by puppet) CA. The problem seems to be
triggered by the fact that CN includes a / in it. As mentioned in the
puppet bug report this is a very common thing.

The issue is that it makes puppet unusable for existing installations
and since this is going to be in Wheezy it may end up braking for a lot
of people's installations that will upgrade.

The bug is accepted upstream and it seems that it will be fixed in the
2.7 series.

Please consider this an RC bug.


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.4.3-v2-v (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages puppetmaster depends on:
ii  puppetmaster-common  2.7.18-1
ii  ruby1.8    

puppetmaster recommends no packages.

puppetmaster suggests no packages.

-- no debconf information

More information about the Pkg-puppet-devel mailing list