Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Josh Cooper assigned an issue to Unassigned Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Josh Cooper Assignee: Adrien Thebo Add Comment This message was sent by Atlassian JIRA (v7.7.1#77002-sha1:e75ca93) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo commented on PUP-7283 Re: Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Sean McDonald this work could not be completed and was not shipped. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo updated an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Adrien Thebo Release Notes: Not Needed Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Sean McDonald commented on PUP-7283 Re: Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Adrien Thebo did this work go out in a release? if so can you add a fix version? Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Karen Van der Veer updated an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Karen Van der Veer Sprint: SE 2017-03-08, Server 2017-03-22, Server 2017-04-05 , Server 2017-04-19 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Karen Van der Veer updated an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Karen Van der Veer Sprint: SE 2017-03-08, Server 2017-03-22 , Server 2017-04-05 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Karen Van der Veer updated an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Karen Van der Veer Sprint: SE 2017-03-08, SE Server 2017-03-22 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo assigned an issue to Adrien Thebo Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Adrien Thebo Assignee: Adrien Thebo Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo commented on PUP-7283 Re: Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Kicking back to in progress to fix the issues that came up in acceptance testing. Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Moses Mendoza commented on PUP-7283 Re: Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization merged to master at https://github.com/puppetlabs/puppet/commit/1f8c92ee51a28331ca52dd5e7ef319643fa1ad63 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Karen Van der Veer updated an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Karen Van der Veer Sprint: SE 2017-03-08 , SE 2017-03-22 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo commented on PUP-7283 Re: Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Karen Van der Veer Heh... my error, thanks for catching this! Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo updated an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Change By: Adrien Thebo Sprint: PDE SE 2017-03-08 Add Comment This message was sent by Atlassian JIRA (v6.4.14#64029-sha1:ae256fe) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-7283) Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization
Title: Message Title Adrien Thebo created an issue Puppet / PUP-7283 Instantiating Puppet::SSL::DefaultValidator shouldn't trigger client SSL initialization Issue Type: Bug Assignee: Unassigned Created: 2017/02/28 11:56 AM Priority: Normal Reporter: Adrien Thebo The Puppet::SSL::DefaultValidator class is unsafe to call when the Puppet client SSL state isn't initialized. The #initialize method takes a Puppet::SSL::Host object which is reasonable(ish), but the default value calls Puppet::SSL::Host.localhost which has the side effect of trying to generate a certificate if no certificate exists. This is cause and symptom of the unholy thicket of implicit SSL initialization, and this behavior introduces a lot of weird behavior. To add to the fun, the DefaultValidator also switches behavior at runtime depending on if the CA or client certificates are available. This is fairly magic behavior and can be replaced with a proper concept of an "upgrading" validator that uses the best validator available, and multiple validators that perform different validation (and connection setup) based on what sort of validation credentials are available. In order to detangle this, we need to break up the DefaultValidator Add Comment