On 07/13/2010 01:47 AM, Ohad Levy wrote:
just my 2 cents on the matter, afaik I'm the only one running puppet
with a working chained ca setup.

the rewrite of the ssl methods in 0.25.x branch, broke the chained ca
setup mostly because it added CRL checking, this was partly fixed in
0.25.5 with the ability to disable the CRL (#3640), but does not really
address the root cause (just disables the checks).

The CRL distribution is broken completely, as the CRL will be distributed
only if none exists on the client, and will not be distributed any more
(e.g. even if the CRL has been changed, the client will not know about it).

I am still not getting this... why distribute the CRL out to the agents? It seems like this belongs at the master only.

-- bk
