On Thu, 2009-09-17 at 17:30 -0700, Luke Kanies wrote:
> We still look for certificates/keys/etc named "ca", but the
> cert itself uses the certname of the host that functions as the
> CA.

Are you sure it solves #2617? To me, the only thing it does is make sure CA certs use the certname when they get created.

In our specific case, the issue is that the client thinks that a given CA cert with a name different than "ca" (i.e. generated by 0.24) is a regular certificate and not a CA cert. I'd thought you'd also change the Ssl_file to "detect" CAs not only by their name but also by their basicConstraint properties.

In the current system, a cert sent by the master is saved locally under its certname, not under the "ca" name, because the transmitted request.key is the certname.

Another issue is that it also re-opens #899, which was certainly fixed in 0.25 because of the name change (but that's minor, people can use non-bugged software for CRL functionalities :-)).

On Thu, 2009-09-17 at 17:30 -0700, Luke Kanies wrote:
> [patch elided]

--
Brice Figureau
Follow the latest Puppet Community evolutions on www.planetpuppet.org!
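
The check raised in the message above, telling a CA certificate apart by its basicConstraints extension instead of by its name, shown as an added example using Ruby's OpenSSL bindings. This is not Puppet's code: the helper names, the storage rule and the host names are assumptions, and the certificates are constructed for the demonstration.

```ruby
require "openssl"

# True only when the certificate carries basicConstraints with CA:TRUE.
# The subject name and the file name play no part in the decision.
def ca_certificate?(cert)
  ext = cert.extensions.find { |e| e.oid == "basicConstraints" }
  return false unless ext          # no extension: treat as end-entity
  ext.value.split(/,\s*/).include?("CA:TRUE")   # value may also carry "pathlen:N"
end

# Hypothetical storage rule: CA certs go under "ca", others under their CN.
def storage_name(cert)
  return "ca" if ca_certificate?(cert)
  cert.subject.to_a.find { |field, _value, _type| field == "CN" }[1]
end

# Constructed test certificates. ca: true/false sets basicConstraints,
# ca: nil leaves the extension out entirely.
def build_cert(cn, ca:, issuer: nil, issuer_key: nil, serial: 1)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = serial
  cert.subject    = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer     = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  unless ca.nil?
    factory = OpenSSL::X509::ExtensionFactory.new
    value = ca ? "CA:TRUE" : "CA:FALSE"
    cert.add_extension(factory.create_extension("basicConstraints", value, true))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

if __FILE__ == $PROGRAM_NAME
  ca, ca_key = build_cert("puppetmaster.example.com", ca: true)
  agent, _   = build_cert("agent01.example.com", ca: false,
                          issuer: ca, issuer_key: ca_key, serial: 2)
  [ca, agent].each do |c|
    puts "#{c.subject} ca=#{ca_certificate?(c)} stored as #{storage_name(c)}"
  end
end
```

A certificate with no basicConstraints extension at all is classified as a regular certificate here, so a name-based fallback would still be needed for any CA certificate issued without it.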
