Issue #1842 has been updated by luke. Status changed from Unreviewed to Needs design decision
If I'm reading this correctly, this is really bad. This is basically saying you have two choices: Verify both the certificate and that the hostname matches, or do no verification at all. We currently support a third choice: Verify the certificate but not the hostname. Am I reading this right? ---------------------------------------- Bug #1842: Net::HTTP#enable_post_connection_check doesn't work anymore http://projects.reductivelabs.com/issues/show/1842 Author: caikevin Status: Needs design decision Priority: Normal Assigned to: Category: Target version: Complexity: Unknown Affected version: 0.24.7 Keywords: enable_post_connection_check one of the #896 bug fixing, adding http_enable_post_connection_check option against the requested host name in new versions of ruby (see revision 36c947, f94d6d). However, below changelog can be found from ruby rpms: ruby-1.8.6.111-CVE-2007-5162.patch: Update a bit with backporting the changes at trunk to enable the fix without any modifications on the users' scripts. Note that Net::HTTP#enable_post_connection_check isn't available anymore. If you want to disable this post-check, you should give OpenSSL::SSL::VERIFY_NONE to Net::HTTP#verify_mode= instead of. Since HTTP#enable_post_connection_check isn't avaiable anymore, but puppet doesn't give the corresponding fix. ---------------------------------------- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
