On Jul 13, 2010, at 8:55, Bryan Kearney <[email protected]> wrote: > On 07/13/2010 01:47 AM, Ohad Levy wrote: >> just my 2 cents on the matter, afaik I'm the only one running puppet >> with a working chained ca setup. >> >> the rewrite of the ssl methods in 0.25.x branch, broke the chained ca >> setup mostly because it added CRL checking, this was partly fixed in >> 0.25.5 with the ability to disable the CRL (#3640), but does not really >> address the root cause(just disables the checks). >> >> The CRL distribution is broken complelty, as the CRL will be distributed >> only if none exists on the client, and will not be distributed any more >> (e.g. even if the CRL has been changed, the client will not know about it). > > I am still not getting this.. why distribute the CRL out to the agents? It > seems like this belongs at the master only.
In general it's unnecessary but there are cases where people actually want to contact clients. -- http://puppetlabs.com/ | +1-615-594-8199 | @puppetmasterd -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
