> I think I remember the following cause for the bug: > * 0.24 generates a CA whose CN=$ca_fqdn. > * upgrade to 0.25 > * 0.25 client connects to master, ask for "ca" cert > * master send cert whose CN=$ca_fqdn > * Clients wants to locally write it as $ca_fqdn.pem, so
thinks it is a normal cert, not a CA. > * Clients can not authenticate the server because there is no "ca.pem" file. > > But if Luke found his patch fixes #2617, it might be that I didn't get > exactly the issue and the above is wrong. > Another possibility would be that our testing was flawed (I don't think it was, but it's a logical possibility). If that's the case, the most obvious difference would be that we were testing on a single machine--this could conceivably lead to the client seeing some file that was "on the master" if they shared a confdir, or some other such mechanism. Probably the easiest way to rule out all these possibilities in one go is to try it in an environment that was known to fail for you with 25.0; if it still fails, we haven't fixed the problem, while if it no longer exhibits the symptoms the chances are good that the ticket is fixed. > I don't feel quite right today (hope it's not the flu), so that > might be me. Hope you get to feeling better! -- Markus --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
