This commit provides the fix and updates the spec test for #4226
The fix changes the default behavior of the ca certificate common
name field. When generating the CA certificate, the common name should
not exactly match the common name of the master's SSL certificate to
assist certificate revocation.
This commit changes the common name to be of the pattern:
CN=Puppet CA: $certname
e.g.
CN=Puppet CA: puppet.puppetlabs.lan
Signed-off-by: Jeff McCune <j...@puppetlabs.com>
---
lib/puppet/defaults.rb | 2 +-
spec/integration/defaults_spec.rb | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb
index 318ff41..972e9e6 100644
--- a/lib/puppet/defaults.rb
+++ b/lib/puppet/defaults.rb
@@ -268,7 +268,7 @@ module Puppet
setdefaults(
:ca,
- :ca_name => ["$certname", "The name to use the Certificate Authority
certificate."],
+ :ca_name => ["Puppet CA: $certname", "The name to use the Certificate
Authority certificate."],
:cadir => { :default => "$ssldir/ca",
:owner => "service",
:group => "service",
diff --git a/spec/integration/defaults_spec.rb
b/spec/integration/defaults_spec.rb
index 4ae2983..77346b9 100755
--- a/spec/integration/defaults_spec.rb
+++ b/spec/integration/defaults_spec.rb
@@ -225,9 +225,9 @@ describe "Puppet defaults" do
end
end
- it "should have a :caname setting that defaults to the cert name" do
+ it "should have a :caname setting of 'Puppet CA: $fqdn'" do
Puppet.settings[:certname] = "foo"
- Puppet.settings[:ca_name].should == "foo"
+ Puppet.settings[:ca_name].should == "Puppet CA: foo"
end
it "should have a 'prerun_command' that defaults to the empty string" do
--
1.7.0.6
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To post to this group, send email to puppet-...@googlegroups.com.
To unsubscribe from this group, send email to
puppet-dev+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
