Issue #18978 has been updated by Josh Cooper.

Status changed from In Topic Branch Pending Review to Merged - Pending Release

Merged into master in 140e7aa4 and 1e99a4cd
----------------------------------------
Bug #18978: Puppet windows agents can't authenticate third-party SSL servers
https://projects.puppetlabs.com/issues/18978#change-82871

Author: Josh Cooper
Status: Merged - Pending Release
Priority: Normal
Assignee: 
Category: 
Target version: 3.2.0
Affected Puppet version: 2.7.6
Keywords: ssl windows
Branch: https://github.com/puppetlabs/puppet/pull/1439


On *nix, the method `OpenSSL::X509::Store#set_default_paths` enables OpenSSL to 
load root certificates from the system default locations, e.g. cacerts. This 
enables Puppet agents to connect to and authenticate SSL servers that are not 
the puppetmaster, such as forge.puppetlabs.com. It also applies to SSL 
connections that the puppetmaster makes, e.g. SSL database connections.

However, on Windows, the call to `set_default_paths` doesn't do anything. A 
patch was submitted to Ruby for this 
<http://bugs.ruby-lang.org/issues/show/2586> but rejected as it's an OpenSSL 
issue. A patch was submitted to OpenSSL 
<https://groups.google.com/d/topic/mailing.openssl.dev/6xi1itn7nks/discussion> 
but nothing has become of it.

See also puppet-dev discussion 
<https://groups.google.com/d/topic/puppet-dev/9mxjmHiFGgc/discussion>
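
An added example, not part of the original notification and not Puppet's fix: it reports the default trust locations OpenSSL was built with, then shows that a store holding no roots (the state the issue describes after `set_default_paths` on Windows) rejects a server certificate that a store holding the issuing root accepts. The helper names, subject names and certificates are constructed for illustration.

```ruby
require 'openssl'

# Where this OpenSSL build looks for roots when set_default_paths is called.
def default_trust_locations
  file = ENV[OpenSSL::X509::DEFAULT_CERT_FILE_ENV] || OpenSSL::X509::DEFAULT_CERT_FILE
  dir  = ENV[OpenSSL::X509::DEFAULT_CERT_DIR_ENV]  || OpenSSL::X509::DEFAULT_CERT_DIR
  { file: file, file_present: File.file?(file),
    dir: dir, dir_present: File.directory?(dir) }
end

# Build a certificate (constructed test data). issuer_cert nil means self-signed.
def make_cert(subject, key, issuer_cert, issuer_key, ca:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer_cert || cert
  cert.add_extension(ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Verify cert against store; returns [verified?, OpenSSL's reason].
def verify_with(store, cert)
  [store.verify(cert), store.error_string]
end

def trust_demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('/CN=Constructed Test Root', ca_key, nil, ca_key, ca: true)
  srv_key = OpenSSL::PKey::RSA.new(2048)
  server = make_cert('/CN=server.example.test', srv_key, ca, ca_key, ca: false)
  empty = OpenSSL::X509::Store.new   # no roots loaded
  seeded = OpenSSL::X509::Store.new
  seeded.add_cert(ca)                # issuing root loaded explicitly
  { empty: verify_with(empty, server), seeded: verify_with(seeded, server) }
end

if __FILE__ == $PROGRAM_NAME
  p default_trust_locations
  p trust_demo
end
```

If `file_present` and `dir_present` are both false on a host, `set_default_paths` has nothing to load there and every third-party server certificate fails the same way as the `:empty` case.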

