Issue #8465 has been updated by Josh Cooper.
In regards to [https://github.com/puppetlabs/puppet/pull/175](https://github.com/puppetlabs/puppet/pull/175), I think we should just be using the existing method `Puppet::Network::HttpPool.http_instance(host, port)` to retrieve an http connection instead of re-implementing http client logic. The `http_instance` method already handles things like http proxy settings, timeouts, and setting up the ssl verification. If the report server is not the puppet master, then the report server's root ca can be added to puppets existing cert store (aka `Puppet[:localcacert]`). Security-wise that would mean puppet agent would not prevent an SSL connection to the report server when downloading a catalog (if it was tricked into connecting to the report server). If that is a concern, then the `cert_setup` method could be modified to take a trusted cacerts parameter to specify which file to use in each context (for catalogs vs reports). ---------------------------------------- Feature #8465: allow SSL on reporturl https://projects.puppetlabs.com/issues/8465 Author: Lluis Gili Status: Accepted Priority: Normal Assignee: Category: reports Target version: Affected Puppet version: 2.7.1 Keywords: Branch: https://github.com/barn/puppet/tree/8465/feature/allow_SSL_on_reporturl this patch allows to use SSL on reporturl https://github.com/descala/puppet/commit/8313c4258e3bacac4b1a5f3e57d86a1959d9cac5 -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
