Issue #17879 has been updated by Yuri Arabadji.
Related. <pre> Ignoring --listen on onetime run /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Info: Retrieving plugin /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Could not retrieve file metadata for puppet://dev2.xxx/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Info: Loading facts in /var/lib/puppet/lib/facter/stage_level.rb Info: Loading facts in /var/lib/puppet/lib/facter/mc_server.rb Info: Loading facts in /var/lib/puppet/lib/facter/snmpd.rb Info: Loading facts in /var/lib/puppet/lib/facter/php_settings.rb Info: Loading facts in /var/lib/puppet/lib/facter/mc_client.rb /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] </pre> ---------------------------------------- Bug #17879: extract cert name properly from subject DN https://projects.puppetlabs.com/issues/17879#change-78322 Author: Yuri Arabadji Status: Unreviewed Priority: High Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: You owe me $200 for my time on debugging this. Hi. --- /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig 2012-11-30 10:23:24.531533928 -0500 +++ /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb 2012-11-30 10:35:25.653400099 -0500 @@ -49,7 +49,9 @@ # Method to extract a 'name' from the subject of a certificate def self.name_from_subject(subject) - subject.to_s.sub(/\/CN=/i, '') + if triplet = subject.to_a.find {|name, data, type| name == 'CN' } + triplet[1] + end end # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class Otherwise subject DN /O=Organization/OU=Something/CN=host.name.com will be converted into some mess and fail validation with exception being thrown right in the middle of the code that doesn't expect it. So don't be shy, make connection.verify_callback block catch the exception and actually raise SSLError or the like and actually fill in the error message (class not found, name incorrect and such). That's all for now, dears. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
