Issue #9205 has been updated by Nigel Kersten. Status changed from Accepted to Duplicate Priority changed from Normal to Urgent Target version set to 2.7.x
We clearly need to be consulting the CRL for all actions that require authentication. Closing as a dupe of #9118, with this description included. ---------------------------------------- Bug #9205: CRL only consulted for plugins and reports? https://projects.puppetlabs.com/issues/9205 Author: Digant Kasundra Status: Duplicate Priority: Urgent Assignee: Category: SSL Target version: 2.7.x Affected Puppet version: 2.6.8 Keywords: CRL Branch: (Might be related to #9118) We came across this in a weird way. Last night we reissued the CA certificate, which had expired. We then reissued the puppetmaster and puppetca certificate (which we had to do for RHEL4 and RHEL5 but all other systems were happy without this step). We then noticed on RHEL4 and RHEL5 that they were still complaining about cert validation, but ONLY for getting plugins and sending the report (it got a catalog and was able to get files for modules, etc, just fine). We did an strace and found this was the only times it was trying to get a CRL (and was failing). Why is this the only time the CRL was in play? -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
