(PUP-744) Only cache HTTP and verified HTTPS connections
45a721ae65f8Unpublished
Actions

Unpublished Commit · Learn More

Repository Importing: This repository is still importing.

Description

(PUP-744) Only cache HTTP and verified HTTPS connections

Previously, it was possible for puppet to create an HTTPS connection
with VERIFY_NONE, and cache the connection. As a result, the pool code
could hand out an insecure connection, when the caller expected a secure
one (VERIFY_PEER).

In practice this isn't an issue, because puppet only uses insecure HTTPS
connections when bootstrapping its SSL key and certs, and that happens
before Configurer#run overrides the default non-caching pool
implementation. However, it could be an issue if a provider were to
request a insecure connection *during* catalog application, as that
connection would be cached, and possibly reused by puppet, e.g. when
sending the report.

This commit modifies the connection pool to only cache HTTP or secure
HTTPS connections. All other connections are closed after one HTTP
request/response.

Details

Provenance

Josh Cooper <josh@puppetlabs.com>	Authored on
vanmeeuwen	Pushed on Jun 2 2015, 2:22 PM

Parents

rPUe954e3a4a336: (PUP-744) Document http pooling classes and methods

Branches

Unknown

Tags

Unknown

Event Timeline

Josh Cooper <josh@puppetlabs.com> committed rPU45a721ae65f8: (PUP-744) Only cache HTTP and verified HTTPS connections (authored by Josh Cooper <josh@puppetlabs.com>).Jul 25 2014, 6:36 PM

Changes (2)

Path

Size

lib/

puppet/

network/

http/

pool.rb

spec/

unit/

network/

http/

pool_spec.rb

rPU45a721ae65f8

View Options

lib/puppet/network/http/pool.rb