Issue #16769 has been updated by eric sorenson. Assignee set to Steven Lindberg
Hi Steven - Did you come across the issue reported in #16769 while testing the new code? We're getting several reports across the mailing list/ irc / bug tracker that `SSLOptions +ExportCertData` is not compatible with Passenger, which is the primary way most people run puppetmasters at scale. The issue is that Apache puts the cert data into environment variables and passes them to Passenger per the Rack specification, but Passenger has hard-coded length limits in the header sizes it will accept, so operations do not even reach the puppet master. I think we need to figure out how to extract just the ValidityPeriod information from the certificate at the Apache layer, rather than passing the whole blob through and regenerating a whole X509 object at https://github.com/puppetlabs/puppet/blob/339ed9ec6fa7bdc37f4bcf0fb8e4a533badf746a/lib/puppet/network/http/rack/rest.rb#L82 Any thoughts? ---------------------------------------- Bug #16769: Apache "SSLOptions +ExportCertData" causes "header too long" error https://projects.puppetlabs.com/issues/16769#change-72948 Author: eric sorenson Status: Needs More Information Priority: Normal Assignee: Steven Lindberg Category: Target version: 3.0.1 Affected Puppet version: 3.0.0 Keywords: ssl Branch: Reported on the mailing list at https://groups.google.com/forum/?fromgroups=#!topic/puppet-users/tpKvbor15iY This was added as part of #7962. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
