Hi Jeff! On Nov 16, 2010, at 12:56 AM, Jeff McCune wrote:
> I see the need to verify the server certificate, and I think it's clever to > re-use the puppet certificates since it is something the puppet agent has a > trust anchor for and a certificate is already issued. > > However, with the current documented behavior of the pkgdmg provider, this > patch probably doesn't match the expectation of most people. If a web server > with a valid certificate signed by Verisign or Thawte or something hosts the > dmg file, then this patch would throw a warning and fall back to no > validation. > > Would it be possible to add 2 checks, one using the default x.509 anchors, > then fall back to trying the puppet certificate, then fall back to insecure? Yes this should also be possible, thanks for your great input! I added it to my local feature list and will do it, but I have to learn for my last exam. I think I have the time to do it in a couple of weeks. All the best, Sandor Szücs -- -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
