Sandor, That sounds great. Good luck on your exam and thank you for taking the time to contribute to puppet. I'm glad you're interested in improving the pkgdmg provider, I there's anything I an do to help please feel free to drop me or the list an email.
-- Jeff McCune - (+1-503-208-4484) On Nov 16, 2010, at 2:27 PM, Sandor Szuecs <[email protected]> wrote: > Hi Jeff! > > On Nov 16, 2010, at 12:56 AM, Jeff McCune wrote: > >> I see the need to verify the server certificate, and I think it's clever to >> re-use the puppet certificates since it is something the puppet agent has a >> trust anchor for and a certificate is already issued. >> >> However, with the current documented behavior of the pkgdmg provider, this >> patch probably doesn't match the expectation of most people. If a web >> server with a valid certificate signed by Verisign or Thawte or something >> hosts the dmg file, then this patch would throw a warning and fall back to >> no validation. >> >> Would it be possible to add 2 checks, one using the default x.509 anchors, >> then fall back to trying the puppet certificate, then fall back to insecure? > > Yes this should also be possible, thanks for your great input! > I added it to my local feature list and will do it, but I have to learn > for my last exam. I think I have the time to do it in a couple of weeks. > > All the best, Sandor Szücs > -- > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
