[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Melissa Stone. Released in Puppet 3.4.0-rc1 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-100960 * Author: Jill Burrows * Status: Closed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: 3.4.0 * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2089 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Melissa Stone. Released in Puppet 3.4.0-rc1 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-100876 * Author: Jill Burrows * Status: Closed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: 3.4.0 * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2089 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Melissa Stone. Released in Puppet 3.4.0-rc1 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-100839 * Author: Jill Burrows * Status: Closed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: 3.4.0 * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2089 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Melissa Stone. Released in Puppet 3.4.0-rc1 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-100699 * Author: Jill Burrows * Status: Closed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: 3.4.0 * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2089 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Melissa Stone. Released in Puppet 3.4.0-rc1 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-100617 * Author: Jill Burrows * Status: Closed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: 3.4.0 * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2089 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Andrew Parker. Branch changed from https://github.com/puppetlabs/puppet/pull/2048 to https://github.com/puppetlabs/puppet/pull/2089 After some discussion I decided that the better approach would be to provide a way of a user of puppet's connections to specify a custom certificate verification scheme. The new pull request should provide that functionality. Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-15 * Author: Jill Burrows * Status: Needs More Information * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2089 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Andrew Parker. Support Urls deleted (https://github.com/puppetlabs/puppet/pull/2048) Branch set to https://github.com/puppetlabs/puppet/pull/2048 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-99968 * Author: Jill Burrows * Status: Needs More Information * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2048 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Andrew Parker. Support Urls set to https://github.com/puppetlabs/puppet/pull/2048 Branch deleted (https://github.com/puppetlabs/puppet/pull/2048) Why are subject alternatives names not an option? Can you provide a more specific case where this is needed? Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-99724 * Author: Jill Burrows * Status: Unreviewed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: * Keywords: * Branch: A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Adrien Thebo. Support Urls deleted (https://github.com/puppetlabs/puppet/pull/2048) Branch set to https://github.com/puppetlabs/puppet/pull/2048 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-99723 * Author: Jill Burrows * Status: Unreviewed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: * Keywords: * Branch: https://github.com/puppetlabs/puppet/pull/2048 A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Feature #23116] Allow verification of certificate validity and common name post factum
Issue #23116 has been updated by Jill Burrows. Support Urls set to https://github.com/puppetlabs/puppet/pull/2048 Feature #23116: Allow verification of certificate validity and common name post factum https://projects.puppetlabs.com/issues/23116#change-99718 * Author: Jill Burrows * Status: Unreviewed * Priority: Immediate * Assignee: Andrew Parker * Category: SSL * Target version: * Affected Puppet version: * Keywords: * Branch: A terminus may want to fetch information over the network from a server: * with a certificate signed by our CA * with a certificate whose subject name does not match the DNS name * for which subject alternative names are not an option In this case SSL validation will fail if VALIDATE_PEER is set. However, we expect the certificate to have a specific name which matches the service name We would like to have the ability to make a request and verify the expected identity after making the request. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/groups/opt_out.