This was deprecated in commit 1cfb0215 and was keeping puppetd from starting in listen mode.
Signed-off-by: John A. Barbuto <[email protected]> --- lib/puppet/application/puppetd.rb | 7 ------- lib/puppet/network/http_server/webrick.rb | 5 +---- lib/puppet/ssl/certificate_revocation_list.rb | 2 -- lib/puppet/sslcertificates/ca.rb | 5 ----- spec/unit/application/puppetd.rb | 8 -------- spec/unit/ssl/certificate_revocation_list.rb | 12 ------------ 6 files changed, 1 insertions(+), 38 deletions(-) diff --git a/lib/puppet/application/puppetd.rb b/lib/puppet/application/puppetd.rb index 26c9f82..56aaf93 100644 --- a/lib/puppet/application/puppetd.rb +++ b/lib/puppet/application/puppetd.rb @@ -160,13 +160,6 @@ Puppet::Application.new(:puppetd) do exit(14) end - # FIXME: we should really figure out how to distribute the CRL - # to clients. In the meantime, we just disable CRL checking if - # the CRL file doesn't exist - unless File::exist?(Puppet[:cacrl]) - Puppet[:cacrl] = nil - end - handlers = nil if options[:serve].empty? diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/network/http_server/webrick.rb index a863d3a..2dae9cc 100644 --- a/lib/puppet/network/http_server/webrick.rb +++ b/lib/puppet/network/http_server/webrick.rb @@ -21,13 +21,10 @@ module Puppet # with them, with flags appropriate for checking client # certificates for revocation def x509store - if Puppet[:cacrl] == 'false' + unless File.exist?(Puppet[:cacrl]) # No CRL, no store needed return nil end - unless File.exist?(Puppet[:cacrl]) - raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage" - end crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])) store = OpenSSL::X509::Store.new store.purpose = OpenSSL::X509::PURPOSE_ANY diff --git a/lib/puppet/ssl/certificate_revocation_list.rb b/lib/puppet/ssl/certificate_revocation_list.rb index f3c1a34..c725bde 100644 --- a/lib/puppet/ssl/certificate_revocation_list.rb +++ b/lib/puppet/ssl/certificate_revocation_list.rb @@ -46,8 +46,6 @@ class Puppet::SSL::CertificateRevocationList < Puppet::SSL::Base # The name doesn't actually matter; there's only one CRL. # We just need the name so our Indirector stuff all works more easily. def initialize(fakename) - raise Puppet::Error, "Cannot manage the CRL when :cacrl is set to false" if [false, "false"].include?(Puppet[:cacrl]) - @name = "crl" end diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index b0bcdb6..b5a2469 100644 --- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb @@ -194,9 +194,6 @@ class Puppet::SSLCertificates::CA # Revoke the certificate with serial number SERIAL issued by this # CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE) - if @config[:cacrl] == 'false' - raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'false'" - end time = Time.now revoked = OpenSSL::X509::Revoked.new revoked.serial = serial @@ -344,8 +341,6 @@ class Puppet::SSLCertificates::CA @crl = OpenSSL::X509::CRL.new( File.read(@config[:cacrl]) ) - elsif @config[:cacrl] == 'false' - @crl = nil else # Create new CRL @crl = OpenSSL::X509::CRL.new diff --git a/spec/unit/application/puppetd.rb b/spec/unit/application/puppetd.rb index 19dfaf3..e5a5167 100755 --- a/spec/unit/application/puppetd.rb +++ b/spec/unit/application/puppetd.rb @@ -407,14 +407,6 @@ describe "puppetd" do @puppetd.setup_listen end - it "should set :cacrl to nil if no cacrl file" do - Puppet.expects(:[]).with(:cacrl).returns('cacrl') - File.expects(:exist?).with('cacrl').returns(false) - Puppet.expects(:[]=).with(:cacrl,nil) - - @puppetd.setup_listen - end - it "should create a server to listen on at least the Runner handler" do Puppet::Network::Server.expects(:new).with { |args| args[:xmlrpc_handlers] == [:Runner] } diff --git a/spec/unit/ssl/certificate_revocation_list.rb b/spec/unit/ssl/certificate_revocation_list.rb index eb25268..3d15db7 100755 --- a/spec/unit/ssl/certificate_revocation_list.rb +++ b/spec/unit/ssl/certificate_revocation_list.rb @@ -46,18 +46,6 @@ describe Puppet::SSL::CertificateRevocationList do end end - describe "when initializing" do - it "should fail if :cacrl is set to false" do - Puppet.settings.expects(:value).with(:cacrl).returns false - lambda { @class.new("crl") }.should raise_error(Puppet::Error) - end - - it "should fail if :cacrl is set to the string 'false'" do - Puppet.settings.expects(:value).with(:cacrl).returns "false" - lambda { @class.new("crl") }.should raise_error(Puppet::Error) - end - end - describe "when generating the crl" do before do @real_crl = mock 'crl' -- 1.6.5.1 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
