Issue #1168 has been updated by Daniel Pittman.

Jeff McCune wrote:

> Working on Windows where computer names default to upper case I'm running 
> squarely into this problem.
> Would anyone object if I patch puppet to support certificate CNs that are 
> mixed case?

If you mean to fix the assumption that the filename and content match, then go 
ahead.

If you mean to use case-sensitive filenames and expect them to work, no.  That 
brings in a host of other problems.

I fully expect that this will totally *destroy* performance with a large pool 
of certificates, because every request to load the cert will need to load and 
parse every single file to find that no CN/DN matches.  Fun times.  Please 
check your fix works on systems that have >= 500 certificates, for the "has a 
cert" and "does not have a cert" cases.

----------------------------------------
Bug #1168: Master-side client certificates convert hostnames to lowercase
https://projects.puppetlabs.com/issues/1168#change-54740

Author: Mike Brittain
Status: Needs Decision
Priority: Normal
Assignee: Jeff McCune
Category: unknown
Target version: 
Affected Puppet version: 
Keywords: certificate, naming
Branch: 


I'm trying to use master-side certificate generation with hosts at Amazon's EC2 
service.  Internal hostnames there use mixed-case names:
<pre>
  domU-12-31-12-34-56-78.compute-1.internal
</pre>
Note the "U" is upper-case.

I build a set of certificates for this client:
<pre>
  puppetca --generate domU-12-31-12-34-56-78.compute-1.internal
</pre>
Resulting files are:
<pre>
  ./private_keys/domu-12-31-12-34-56-78.compute-1.internal.pem
  ./certs/domu-12-31-12-34-56-78.compute-1.internal.pem
  ./ca/signed/domu-12-31-12-34-56-78.compute-1.internal.pem
</pre>
Note all lower-case "u"s in "domu".

When I put these onto the puppet client, they are mismatched between hostname 
and filenames.  The client (when started) ends up creating new keys with 
mixed-case names next to the versions that were copied from the Puppet master 
server:
<pre>
  -rw------- 1 root root domU-12-31-12-34-56-78.compute-1.internal.pem
  -r-------- 1 root root domu-12-31-12-34-56-78.compute-1.internal.pem
</pre>
It's very possible this is invalid.  I don't know the specs surrounding 
certificate generation.
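
The mismatch reported above and the lookup-cost concern in the reply can be seen together in a small sketch. This is an added example, not Puppet's code or anything posted on the issue: it assumes a store that always lowercases filenames, and the helper names (`cert_path`, `load_cert`, `case_collisions`) and the second hostname are hypothetical.

```ruby
require 'openssl'
require 'tmpdir'

# Hypothetical layout: one PEM per host, filename always lowercased.
def cert_path(dir, name)
  File.join(dir, "#{name.downcase}.pem")
end

# Constructed sample: throwaway self-signed cert whose CN keeps its case.
def make_cert(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.new([['CN', cn]])
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

def cn_of(cert)
  entry = cert.subject.to_a.find { |oid, _value, _type| oid == 'CN' }
  entry && entry[1]
end

# One file read per lookup: find by lowercased filename, then confirm the
# CN inside matches the requested name ignoring case. No directory scan.
def load_cert(dir, name)
  path = cert_path(dir, name)
  return nil unless File.file?(path)
  cert = OpenSSL::X509::Certificate.new(File.read(path))
  cn_of(cert).to_s.downcase == name.downcase ? cert : nil
end

# Flag names stored under more than one spelling (the duplicate-key state).
def case_collisions(filenames)
  filenames.group_by(&:downcase).select { |_name, files| files.size > 1 }
end

def demo
  name = 'domU-12-31-12-34-56-78.compute-1.internal'
  Dir.mktmpdir do |dir|
    File.write(cert_path(dir, name), make_cert(name).to_pem)
    [name, name.downcase, 'other.compute-1.internal'].map { |n| !load_cert(dir, n).nil? }
  end
end
```

`case_collisions` takes a plain list of filenames so it can be run over a directory listing from a client that already holds both spellings.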

