Package: puppet Version: 0.25.4-2 Severity: wishlist Forwarded: http://projects.reductivelabs.com/issues/3101 Tags: upstream
I encountered the situation where I was trying to connect to a puppetmaster with a different hostname than its CN in the SSL certificate. The error was rather obscure: err: Could not retrieve catalog from remote server: undefined method `closed?' for nil:NilClass After ensuring that DNS was all properly configured and noticing that the puppet --trace showed that the error was due to an undefined socket object in puppet's HTTP request method (http.rb — I tip my hat to ruby for even letting things get that far), I tried ruby --debug and found: Exception `OpenSSL::SSL::SSLError' at /usr/lib/ruby/1.8/openssl/ssl.rb:123 - hostname was not match with the server certificate Sure enough, changing the server hostname used by puppetd to match the server's CN made the problem go away. It would be nice if puppet could be a bit more helpful with error reporting, and if Ruby could be fixed. -- System Information: Debian Release: squeeze/sid Architecture: i386 (i686) Kernel: Linux 2.6.33-2-686 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages puppet depends on: ii adduser 3.112 add and remove users and groups ii facter 1.5.7-1 a library for retrieving facts fro ii libopenssl-ruby 4.2 OpenSSL interface for Ruby ii libruby [libxmlrpc-ruby] 4.2 Libraries necessary to run Ruby 1. ii libshadow-ruby1.8 1.4.1-8 Interface of shadow password for R ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip ii puppet-common 0.25.4-2 common files for puppet and puppet ii ruby1.8 1.8.7.249-1 Interpreter of object-oriented scr Versions of packages puppet recommends: ii libaugeas-ruby1.8 0.3.0-1.1 Augeas bindings for the Ruby langu ii rdoc 4.2 Generate documentation from ruby s Versions of packages puppet suggests: pn puppet-el <none> (no description available) pn vim-puppet <none> (no description available) -- no debconf information -- .''`. martin f. krafft <madd...@d.o> Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduck http://vcs-pkg.org `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)