Issue #7224 has been updated by Jeff McCune.
# Suggested Fix #

Before I context switch back to #3120 here's my suggested fix:

When using a CA chain rather than a single self signed CA, peer_certs will be an ordered array. The SSL server certificate should be the last item in the array (this needs to be verified that this will always be the case).

If the SSL server certificate is always the last item in the peer certificate list then simply grab it:

<pre>
1.8.7 :001 > pp peer_certs
[#<Puppet::SSL::Certificate:0x10c9de678
  @content=
   #<OpenSSL::X509::Certificate subject=/CN=Jeff McCune Root Authority/C=US/ST=Oregon/L=Portland/O=Puppet Labs/OU=Jeff McCune/[email protected], issuer=/CN=Jeff McCune Root Authority/C=US/ST=Oregon/L=Portland/O=Puppet Labs/OU=Jeff McCune/[email protected], serial=14758815617093903059, not_before=Thu Jul 05 17:47:47 UTC 2012, not_after=Mon Jun 29 17:47:47 UTC 2037>,
  @name=
   "jeff mccune root authority/c=us/st=oregon/l=portland/o=puppet labs/ou=jeff mccune/[email protected]">,
 #<Puppet::SSL::Certificate:0x10c9de3d0
  @content=
   #<OpenSSL::X509::Certificate subject=/C=US/ST=Oregon/O=Puppet Labs/OU=Jeff McCune/CN=Jeff McCune Signing Authority/[email protected], issuer=/CN=Jeff McCune Root Authority/C=US/ST=Oregon/L=Portland/O=Puppet Labs/OU=Jeff McCune/[email protected], serial=1, not_before=Thu Jul 05 17:53:57 UTC 2012, not_after=Tue Jul 04 17:53:57 UTC 2017>,
  @name=
   "/c=us/st=oregon/o=puppet labs/ou=jeff mccunejeff mccune signing authority/[email protected]">,
 #<Puppet::SSL::Certificate:0x10c9de0b0
  @content=
   #<OpenSSL::X509::Certificate subject=/C=US/ST=Oregon/O=Puppet Labs/OU=Jeff McCune/CN=Puppet CA maynard2.localdomain/[email protected], issuer=/C=US/ST=Oregon/O=Puppet Labs/OU=Jeff McCune/CN=Jeff McCune Signing Authority/[email protected], serial=2, not_before=Thu Jul 05 17:59:01 UTC 2012, not_after=Tue Jul 04 17:59:01 UTC 2017>,
  @name=
   "/c=us/st=oregon/o=puppet labs/ou=jeff mccunepuppet ca maynard2.localdomain/[email protected]">,
 #<Puppet::SSL::Certificate:0x10c9ddd18
  @content=
   #<OpenSSL::X509::Certificate subject=/CN=maynard2, issuer=/C=US/ST=Oregon/O=Puppet Labs/OU=Jeff McCune/CN=Puppet CA maynard2.localdomain/[email protected], serial=3, not_before=Wed Jul 04 19:04:49 UTC 2012, not_after=Tue Jul 04 19:04:49 UTC 2017>,
  @name="maynard2">]
</pre>

----------------------------------------
Bug #7224: Bad english: hostname was not match with the server certificate
https://projects.puppetlabs.com/issues/7224#change-66382

Author: Mike Judge
Status: Re-opened
Priority: Normal
Assignee:
Category: SSL
Target version: 2.7.x
Affected Puppet version: 2.7.0
Keywords: openssl certificates
Branch:

root@gobo:/etc/puppet# puppetd --test
err: Could not retrieve catalog from remote server: hostname was not match with the server certificate
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run

Should be something like:

1) "hostname was not a match with the server certificate"
2) "hostname did not match the server certificate"
3) "all your base are belong to us" :)
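
One way to test the ordering assumption in the suggested fix above, as an added example that is not part of the original issue update or of Puppet's code: select the server certificate by issuer relationship instead of by position in the list. The helper names (`issue`, `constructed_chain`, `issued_by?`, `leaf_certificate`) and all certificate subjects except `maynard2` are constructed for illustration.

```ruby
require 'openssl'

# Build a certificate for CN=cn (constructed sample data). Self-signed when no
# CA is given, otherwise signed by ca_key with ca_cert's subject as issuer.
def issue(cn, serial, ca_cert = nil, ca_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = ca_cert ? ca_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(ca_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Constructed four-level chain shaped like the one in the issue:
# root -> signing authority -> Puppet CA -> server certificate.
def constructed_chain
  root, root_key = issue('Example Root Authority', 1)
  signing, signing_key = issue('Example Signing Authority', 2, root, root_key)
  ca, ca_key = issue('Puppet CA example', 3, signing, signing_key)
  server, = issue('maynard2', 4, ca, ca_key)
  [root, signing, ca, server]
end

# True when child names parent as its issuer and carries parent's signature.
def issued_by?(child, parent)
  (child.issuer <=> parent.subject) == 0 && child.verify(parent.public_key)
end

# Return the one certificate that issued no other certificate in the list,
# regardless of list order. Raises if there is not exactly one such leaf.
def leaf_certificate(certs)
  leaves = certs.select do |cert|
    certs.none? { |other| !other.equal?(cert) && issued_by?(other, cert) }
  end
  raise ArgumentError, "expected 1 leaf, found #{leaves.size}" unless leaves.size == 1
  leaves.first
end

if __FILE__ == $PROGRAM_NAME
  chain = constructed_chain
  puts "last in list:   #{chain.last.subject}"
  puts "leaf by issuer: #{leaf_certificate(chain.shuffle).subject}"
end
```

Comparing `leaf_certificate(peer_certs)` against `peer_certs.last` on real connections is one way to confirm or refute the "always last" assumption before relying on it.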
