
(#13435) Change default signing digest algorithm
6362e5333fa9 Unpublished


Description

(#13435) Change default signing digest algorithm

Change the default digest algorithm away from MD5

This commit is one step along the way to FIPS 140-2 compliance (#8120).
In a FIPS 140-2 environment, MD5 is not available. Older versions of
Ruby (1.8.7, 1.9.2) will SIGABRT when trying to use MD5 because they
don't properly check the return code from openssl.

Because the fingerprints between agent and master aren't
machine-verified and puppet cert list --digest <digest> supports any
of the digests, this commit is backwards and forwards compatible.

Later portions of #8120 will make the default digest algorithm
configurable.

Details

Event Timeline

Jeff Weiss <jeff.weiss@puppetlabs.com> committed rPU6362e5333fa9: (#13435) Change default signing digest algorithm (authored by Jeff Weiss <jeff.weiss@puppetlabs.com>). Mar 31 2012, 1:26 AM
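
The compatibility argument in the commit message rests on fingerprints being compared by a person who can ask for any digest. The Ruby sketch below is an added example, not code from this commit or from Puppet: it fingerprints one certificate under several digests and returns nil for a digest the local OpenSSL refuses instead of aborting. The helper names, the output format and the throwaway self-signed certificate are assumptions constructed for illustration.

```ruby
require 'openssl'

# Constructed sample: a throwaway self-signed certificate standing in for an
# agent certificate. Nothing here comes from a real Puppet CA.
def build_sample_cert
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=agent.example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Hypothetical helper: colon-separated hex fingerprint of the certificate's
# DER encoding under the named digest. Returns nil when the digest cannot be
# used (unknown name, or an algorithm the local OpenSSL build disallows).
def fingerprint(cert, digest_name)
  hex = OpenSSL::Digest.new(digest_name).hexdigest(cert.to_der)
  hex.upcase.scan(/../).join(':')
rescue OpenSSL::OpenSSLError, RuntimeError
  nil
end

# Hypothetical helper: fingerprints for every requested digest that is usable
# on this host, keyed by digest name. Unusable digests are left out.
def available_fingerprints(cert, digest_names)
  digest_names.each_with_object({}) do |name, out|
    fp = fingerprint(cert, name)
    out[name] = fp if fp
  end
end

# A manual comparison is only meaningful when both sides print the same
# digest, so the digest name is an explicit argument on both sides.
def same_certificate?(local, remote, digest_name)
  fp = fingerprint(local, digest_name)
  raise ArgumentError, "digest #{digest_name} is not usable here" if fp.nil?
  fp == fingerprint(remote, digest_name)
end

if __FILE__ == $PROGRAM_NAME
  cert = build_sample_cert
  available_fingerprints(cert, %w[MD5 SHA1 SHA256]).each { |n, fp| puts "(#{n}) #{fp}" }
end
```

On a host where MD5 is disabled, the MD5 line is simply missing from the output while the other digests still print.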