On Sep 18, 2009, at 12:40 PM, Markus Roberts wrote: > > On Fri, Sep 18, 2009 at 12:22 PM, Luke Kanies > <[email protected]> wrote: > > So, we've got at least three tickets related to the name in the CA > certificate: > > http://projects.reductivelabs.com/issues/2617 > http://projects.reductivelabs.com/issues/1507 > http://projects.reductivelabs.com/issues/899 > > This pretty clearly smacks of a systemic problem. > > I think the "right" approach is to generally use the fqdn as the name > in the CA cert, but with enough configurability (รก la #1507) to change > so that #899 will still work if needed. > > The fix for #2617 is still needed, in case someone actually changes > the name, but I think addressing these all at once is the right move, > for 0.26. It's a very small amount of code, but obviously has more > potential consequences than we'd like to believe. > > What do others think? > > Are you thinking of putting all of it off to 0.26, or just parts? > If so, which parts?
All of it. I'm thinking three patches, stacked: 1) Fix the main rest.rb so that it changes the names as necessary 2) Fix #1507 so that it allows specification of a CA name 3) Apply a form of the fix from yesterday to use that CA name in the CA CSR Working on it now, since it's all in my brain and pretty easy. -- I had a linguistics professor who said that it's man's ability to use language that makes him the dominant species on the planet. That may be. But I think there's one other thing that separates us from animals. We aren't afraid of vacuum cleaners. --Jeff Stilson --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
