Issue #23116 has been updated by Andrew Parker. Support Urls set to https://github.com/puppetlabs/puppet/pull/2048 Branch deleted (https://github.com/puppetlabs/puppet/pull/2048)
Why are subject alternatives names not an option? Can you provide a more specific case where this is needed? ---------------------------------------- Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-99724 * Author: Jill Burrows * Status: Unreviewed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: * Keywords: * Branch: ---------------------------------------- A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
