HomePhorge
Diffusion puppet d55174788416

Allow a master to bootstrap itself with dns_alt_names and autosign
d55174788416Unpublished
Actions

Unpublished Commit ยท Learn More

Repository Importing: This repository is still importing.

Description

Allow a master to bootstrap itself with dns_alt_names and autosign

When using autosign, a puppet master which is also a CA will attempt to
autosign its certificate request via the normal autosign process, rather
than its typical bootstrap process. Thus, the puppet master would
inadvertently refuse to sign its own certificate request if the CSR
contained DNS alt names. This changes the CA to allow DNS alt names in a
CSR if that CSR is for the certname of the master on which the CA is
running.

Details

Provenance
Nick Lewis <nick@puppetlabs.com>Authored on
Michael Stahnke <stahnma@puppetlabs.com>Committed on Oct 22 2011, 8:20 AM
vanmeeuwenPushed on Jun 2 2015, 2:22 PM
Parents
rPU040519685ca7: (maint) Remove ssl dir before starting a master with DNS alt names
Branches
Unknown
Tags
Unknown

Event Timeline

Michael Stahnke <stahnma@puppetlabs.com> committed rPUd55174788416: Allow a master to bootstrap itself with dns_alt_names and autosign (authored by Nick Lewis <nick@puppetlabs.com>).Oct 22 2011, 8:20 AM

Changes (2)

PathSize
lib/
puppet/
ssl/
spec/
unit/
ssl/

rPUd55174788416

View Options

lib/puppet/ssl/certificate_authority.rb

Loading...
View Options

spec/unit/ssl/host_spec.rb

Loading...