[Puppet-dev] [PATCH 1/1] JRuby fix: make sure certificate serial > 0

Fri, 29 May 2009 11:45:38 -0700 

JRuby OpenSSL implementation is more strict than real ruby one and
requires certificate serial number to be strictly positive.

Signed-off-by: Brice Figureau <brice-pup...@daysofwonder.com>
---
 lib/puppet/ssl/certificate_authority.rb |    2 +-
 spec/unit/ssl/certificate_authority.rb  |    6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/lib/puppet/ssl/certificate_authority.rb 
b/lib/puppet/ssl/certificate_authority.rb
index 08feff0..4a7d461 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -184,7 +184,7 @@ class Puppet::SSL::CertificateAuthority
         # it, but with a mode we can't actually read in some cases.  So, use
         # a default before the lock.
         unless FileTest.exist?(Puppet[:serial])
-            serial = 0x0
+            serial = 0x1
         end
 
         Puppet.settings.readwritelock(:serial) { |f|
diff --git a/spec/unit/ssl/certificate_authority.rb 
b/spec/unit/ssl/certificate_authority.rb
index e007df2..fb30cb0 100755
--- a/spec/unit/ssl/certificate_authority.rb
+++ b/spec/unit/ssl/certificate_authority.rb
@@ -264,8 +264,8 @@ describe Puppet::SSL::CertificateAuthority do
                 Puppet.settings.stubs(:readwritelock).with(:serial).yields 
@filehandle
             end
 
-            it "should default to 0x0 for the first serial number" do
-                @ca.next_serial.should == 0x0
+            it "should default to 0x1 for the first serial number" do
+                @ca.next_serial.should == 0x1
             end
 
             it "should return the current content of the serial file" do
@@ -276,7 +276,7 @@ describe Puppet::SSL::CertificateAuthority do
             end
             
             it "should write the next serial number to the serial file as hex" 
do
-                @filehandle.expects(:<<).with("0001")
+                @filehandle.expects(:<<).with("0002")
 
                 @ca.next_serial
             end
-- 
1.6.0.2


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Puppet Developers" group.
To post to this group, send email to puppet-dev@googlegroups.com
To unsubscribe from this group, send email to 
puppet-dev+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/puppet-dev?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to