On Wednesday, February 13, 2013 11:31:06 AM UTC+11, Eric Sorenson wrote:
>
> Right but the puppet SSL directory is almost certainly not where your ssl
> library defaults to looking for the ca cert hashes.
>
I see, I thought for some reason we were trying to do the workaround from
the Redmine, okay.
So if I read the c_rehash script (which I had to get this from an AIX box
with different default paths) -
my $dir = "/var/ssl";
...
if(@ARGV) {
@dirlist = @ARGV;
} elsif($ENV{SSL_CERT_DIR}) {
@dirlist = split /:/, $ENV{SSL_CERT_DIR};
} else {
$dirlist[0] = "$dir/certs";
}
- it appears the default directory on my RHEL puppet master ought to be
# rpm -ql openssl-0.9.8e-22.el5_8.4 |grep certs$
/etc/pki/tls/certs
Running the script on that directory, though, doesn't appear to do
anything, as there are no .pem files -
# ./c_rehash /etc/pki/tls/certs
Doing /etc/pki/tls/certs
And then doing a find at root -
# find / -name certs
/etc/racoon/certs
/etc/puppetlabs/puppet/ssl/certs
/etc/pki/tls/certs
/var/lib/puppet/ssl/certs
And as I'd guess you'd expect this hasn't changed the behaviour - still
getting the same error.
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-dev+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-dev@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-dev?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
