HomePhorge
Diffusion puppet afff3df2f42e

Allow a master to bootstrap itself with dns_alt_names and autosign
afff3df2f42eUnpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

Allow a master to bootstrap itself with dns_alt_names and autosign

When using autosign, a puppet master which is also a CA will attempt to
autosign its certificate request via the normal autosign process, rather
than its typical bootstrap process. Thus, the puppet master would
inadvertently refuse to sign its own certificate request if the CSR
contained DNS alt names. This changes the CA to allow DNS alt names in a
CSR if that CSR is for the certname of the master on which the CA is
running.

Details

Provenance
Nick Lewis <nick@puppetlabs.com>Authored on
Michael Stahnke <stahnma@puppetlabs.com>Committed on Oct 22 2011, 9:24 AM
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPU388365e6754d: (maint) Remove ssl dir before starting a master with DNS alt names
Branches
Unknown
Tags
Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPUafff3df2f42e: Allow a master to bootstrap itself with dns_alt_names and autosign (authored by Nick Lewis <nick@puppetlabs.com>).Oct 22 2011, 9:24 AM

Changes (2)

PathSize
lib/
puppet/
ssl/
spec/
unit/
ssl/

rPUafff3df2f42e

View Options

lib/puppet/ssl/certificate_authority.rb

Loading...
View Options

spec/unit/ssl/host_spec.rb

Loading...