+1 On Thu, Sep 17, 2009 at 5:30 PM, Luke Kanies <[email protected]> wrote:
>
> We still look for certificates/keys/etc named "ca", but the
> cert itself uses the certname of the host that functions as the
> CA.
>
> Signed-off-by: Luke Kanies <[email protected]>
> ---
> lib/puppet/ssl/certificate_request.rb | 7 ++++++-
> spec/unit/ssl/certificate_request.rb | 15 +++++++++++++++
> 2 files changed, 21 insertions(+), 1 deletions(-)
>
> diff --git a/lib/puppet/ssl/certificate_request.rb
> b/lib/puppet/ssl/certificate_request.rb
> index 6a0464a..3fd9ab9 100644
> --- a/lib/puppet/ssl/certificate_request.rb
> +++ b/lib/puppet/ssl/certificate_request.rb
> @@ -29,9 +29,14 @@ class Puppet::SSL::CertificateRequest <
> Puppet::SSL::Base
> # Support either an actual SSL key, or a Puppet key.
> key = key.content if key.is_a?(Puppet::SSL::Key)
>
> + # If we're a CSR for the CA, then use the real certname, rather
> than the
> + # fake 'ca' name. This is mostly for backward compatibility with
> 0.24.x,
> + # but it's also just a good idea.
> + common_name = name == Puppet::SSL::CA_NAME ?
> Puppet.settings[:certname] : name
> +
> csr = OpenSSL::X509::Request.new
> csr.version = 0
> - csr.subject = OpenSSL::X509::Name.new([["CN", name]])
> + csr.subject = OpenSSL::X509::Name.new([["CN", common_name]])
> csr.public_key = key.public_key
> csr.sign(key, OpenSSL::Digest::MD5.new)
>
> diff --git a/spec/unit/ssl/certificate_request.rb
> b/spec/unit/ssl/certificate_request.rb
> index 85e1d54..7a3713c 100755
> --- a/spec/unit/ssl/certificate_request.rb
> +++ b/spec/unit/ssl/certificate_request.rb
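Review bot: The new `common_name` assignment uses `Puppet.settings[:certname]` unchecked, and it gives the CA's subject the same CN that this host would use for its own certificate. If the CA host also obtains a certificate under its certname (not visible here, so this is an inference), that certificate's subject would equal its issuer, which some verifiers treat as self-signed and which makes it hard to tell the CA and host identities apart in logs; a CN that distinguishes the CA, or a comment explaining why the overlap is safe, would help. A guard such as `raise ArgumentError, "certname is not set" if common_name.to_s.empty?` before building the subject would stop a CA CSR from being generated with an empty CN. Separately, the unchanged context line `csr.sign(key, OpenSSL::Digest::MD5.new)` still signs with MD5, which deserves a follow-up outside this change. The enclosing method starts and ends outside the hunk.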
> @@ -117,6 +117,21 @@ describe Puppet::SSL::CertificateRequest do
> @instance.generate(@key)
> end
>
> + it "should set the CN to the CSR name when the CSR is not for a
> CA" do
> + subject = mock 'subject'
> + OpenSSL::X509::Name.expects(:new).with { |subject|
> subject[0][1] == @instance.name }.returns(subject)
> + @request.expects(:subject=).with(subject)
> + @instance.generate(@key)
> + end
> +
> + it "should set the CN to the :certname setting when the CSR is for
> a CA" do
> + subject = mock 'subject'
> + Puppet.settings.expects(:value).with(:certname).returns
> "mycertname"
> + OpenSSL::X509::Name.expects(:new).with { |subject|
> subject[0][1] == "mycertname" }.returns(subject)
> + @request.expects(:subject=).with(subject)
> +
> Puppet::SSL::CertificateRequest.new(Puppet::SSL::CA_NAME).generate(@key)
> + end
> +
> it "should set the version to 0" do
> @request.expects(:version=).with(0)
> @instance.generate(@key)
> --
> 1.6.1
>
>
>
>
>
--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
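Review bot: In both added examples the block parameter in `.with { |subject| ... }` shadows the outer `subject` mock, so `subject[0][1]` inside the block refers to the argument array rather than the mock and is easy to misread; renaming it, e.g. `.with { |fields| fields[0][1] == "mycertname" }`, makes the intent clear. The CA example stubs `Puppet.settings.expects(:value).with(:certname)` while the library hunk reads `Puppet.settings[:certname]`, so it presumably relies on `[]` delegating to `value`; a one-line comment saying so would make a later failure easier to diagnose. There is also no example covering an unset or empty `:certname`, which is the case where the CA CSR would end up with an unusable CN.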
