Issue #17879 has been reported by Yuri Arabadji.
----------------------------------------
Bug #17879: extract cert name properly from subject DN
https://projects.puppetlabs.com/issues/17879
Author: Yuri Arabadji
Status: Unreviewed
Priority: High
Assignee:
Category:
Target version:
Affected Puppet version:
Keywords:
Branch:
You owe me $200 for my time on debugging this. Hi.
---
/usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig
2012-11-30 10:23:24.531533928 -0500
+++
/usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb
2012-11-30 10:35:25.653400099 -0500
@@ -49,7 +49,9 @@
# Method to extract a 'name' from the subject of a certificate
def self.name_from_subject(subject)
- subject.to_s.sub(/\/CN=/i, '')
+ if triplet = subject.to_a.find {|name, data, type| name == 'CN' }
+ triplet[1]
+ end
end
# Create an instance of our Puppet::SSL::* class using a given instance of
the wrapped class
Otherwise subject DN /O=Organization/OU=Something/CN=host.name.com will be
converted into some mess and fail validation with exception being thrown right
in the middle of the code that doesn't expect it.
So don't be shy, make connection.verify_callback block catch the exception and
actually raise SSLError or the like and actually fill in the error message
(class not found, name incorrect and such).
That's all for now, dears.
--
You have received this notification because you have either subscribed to it,
or are involved in it.
To change your notification preferences, please click here:
http://projects.puppetlabs.com/my/account
--
You received this message because you are subscribed to the Google Groups
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-bugs?hl=en.
