Issue #5607 has been updated by James Turnbull.

Keywords set to CRL


----------------------------------------
Bug #5607: CRL checking code needs more love
https://projects.puppetlabs.com/issues/5607

Author: Yuri Arabadji
Status: Accepted
Priority: Normal
Assignee: 
Category: SSL
Target version: 
Affected Puppet version: 2.6.4
Keywords: CRL
Branch: 


I've got a master that's configured with "ca=false" because we use an external 
CA.

I also update the CRL regularly, but it looks like the master doesn't pick it 
up, continuing to use the old one. The agent that's connecting to this master 
is getting a "certificate expired" message. The problem resolves when I issue 
"reload" to the master.

Obviously, this concept is wrong. If you're working with certificates, you need 
to check the CRL according to the rules defined in it. If the CRL defines a 
6-hour expiration period, you should be ready to reread the file in 6 hours. It 
would also be super-cool if you could implement OCSP.

Thank you.
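
The behaviour requested above, sketched as an added example (not part of the original report and not Puppet's code): a CRL cache that rereads the file when it changes on disk or when the cached CRL reaches its nextUpdate. `ReloadingCRL`, `build_crl`, the CA name and the serial numbers are hypothetical and constructed for illustration.

```ruby
require "openssl"

# Hypothetical helper, not Puppet's code: caches a CRL file and rereads it when
# the file changes on disk or the cached CRL has reached its nextUpdate time.
class ReloadingCRL
  attr_reader :reloads
  def initialize(path)
    @path, @reloads = path, 0
    load_file
  end

  # CRL to use at time `now`; rereads the file first if the cache is out of date.
  def current(now = Time.now)
    load_file if File.mtime(@path) != @mtime || now >= @crl.next_update
    @crl
  end

  # True when even the reread CRL is past nextUpdate; fail closed on this.
  def expired?(now = Time.now)
    now >= current(now).next_update
  end

  def revoked?(serial, now = Time.now)
    current(now).revoked.any? { |entry| entry.serial.to_i == serial }
  end

  private
  def load_file
    @mtime = File.mtime(@path)
    @crl = OpenSSL::X509::CRL.new(File.read(@path))
    @reloads += 1
  end
end

# Constructed sample data: a throwaway CA key and a CRL valid for `hours` hours.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
def build_crl(serials, hours: 6, now: Time.now)
  crl = OpenSSL::X509::CRL.new
  crl.issuer = OpenSSL::X509::Name.parse("/CN=Example External CA")
  crl.version = 1
  crl.last_update = now
  crl.next_update = now + hours * 3600
  serials.each do |s|
    crl.add_revoked(OpenSSL::X509::Revoked.new.tap { |r| r.serial = s; r.time = now })
  end
  crl.sign(CA_KEY, OpenSSL::Digest.new("SHA256"))
  crl.to_pem
end
```

A caller would check `expired?` before trusting `revoked?`, so that a CRL nobody refreshed is rejected rather than silently reused.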

