Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper updated an issue: Puppet / PUP-9958 Cannot add custom CA certs for internal resources without replacing bundled CA
Change By: Josh Cooper
Team: Coremunity Night's Watch

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.286210.1542994571000.84744.1591850160095%40Atlassian.JIRA.
Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper updated an issue: Puppet / PUP-9958 Cannot add custom CA certs for internal resources without replacing bundled CA
Change By: Josh Cooper
Epic Link: PUP-9910
Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper commented on PUP-9958
Re: Cannot add custom CA certs for internal resources without replacing bundled CA

PUP-7814 makes it possible to specify an arbitrary file containing trusted CA certs that will be used when making HTTPS connections using puppet's HTTP client. This won't fix this issue because the apt provider uses open-uri. I think we should move this ticket to the MODULES project.
Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper commented on PUP-9958
Re: Cannot add custom CA certs for internal resources without replacing bundled CA

Darragh Bailey if we implement PUP-7814, then it will be possible to configure puppet to load CA certs from either a platform-specific file or directory (like https://github.com/pcfens/puppet-ca_cert/blob/master/manifests/params.pp#L24), and have those be used for https file sources. Would that be sufficient for your use case?
Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper commented on PUP-9958
Re: Cannot add custom CA certs for internal resources without replacing bundled CA

Being able to place the file under /etc/puppetlabs/ssl/cert.pem to be used only if enabled via configuration would avoid the need to guard against it being replaced by a puppet-agent package upgrade in the future.

I've been thinking of something similar, see my comments in https://tickets.puppetlabs.com/browse/PUP-7814?focusedCommentId=675689=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-675689. Basically allow puppet to be configured to trust additional CA cert(s) given a file or directory of certs. When puppet makes connections to non-puppet infrastructure, such as source => "https://artifactory.example.com/...", then puppet would trust the puppet CA, the CA certs contained in the puppet-agent package, and optionally, the cert(s) that the setting referenced. This way people would not need to muck with the ca-bundle in puppet-agent (as those changes are lost when puppet-agent updates). It also means you could point puppet to the CA bundle that is already on your system, like /etc/pki/ca-trust/source/anchors.
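The layered trust described in the comment above (a base bundle plus an optional file or directory of extra CA certs), sketched with Ruby's OpenSSL bindings. This is an added example, not part of the original thread and not Puppet's code; `build_trust_store`, `make_cert`, `demo` and the "Example Internal CA" are hypothetical, and the certificates are constructed at run time.

```ruby
require 'openssl'
require 'tmpdir'

# Hypothetical helper (not Puppet's API): start from a base bundle, or the
# system defaults, and add an optional file or directory of PEM CA certs.
def build_trust_store(base_bundle: nil, extra: nil)
  store = OpenSSL::X509::Store.new
  base_bundle ? store.add_file(base_bundle) : store.set_default_paths
  if extra && File.directory?(extra)
    # Load each PEM file explicitly: Store#add_path only finds certs in a
    # directory that has OpenSSL hash-named links (c_rehash layout).
    Dir.glob(File.join(extra, '*.{pem,crt}')).sort.each { |f| store.add_file(f) }
  elsif extra
    store.add_file(extra)
  end
  store
end

# Constructed sample data: a throwaway certificate signed by issuer_key.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  bc = ca ? 'CA:TRUE' : 'CA:FALSE'
  cert.add_extension(OpenSSL::X509::ExtensionFactory.new.create_extension('basicConstraints', bc, true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
end

# Returns [verified_without_extra, verified_with_extra] for a constructed
# internal CA and a server certificate it issued.
def demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('Example Internal CA', ca_key, ca: true)
  leaf = make_cert('artifactory.example.com', OpenSSL::PKey::RSA.new(2048),
                   issuer: ca, issuer_key: ca_key)
  Dir.mktmpdir do |dir|
    File.write(File.join(dir, 'internal-ca.pem'), ca.to_pem)
    [build_trust_store.verify(leaf), build_trust_store(extra: dir).verify(leaf)]
  end
end
```

The extra certs are added to the store rather than replacing it, so removing the extra file or directory returns the client to the base trust set without touching the packaged bundle.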
Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper updated an issue: Puppet / PUP-9958 Cannot add custom CA certs for internal resources without replacing bundled CA
Change By: Josh Cooper
Epic Link: PUP-9910
Jira (PUP-9958) Cannot add custom CA certs for internal resources without replacing bundled CA
Josh Cooper moved an issue: Puppet / PUP-9958 Cannot add custom CA certs for internal resources without replacing bundled CA
Change By: Josh Cooper
Affects Version/s: puppet-agent 5.3.5
Key: PA-2335 → PUP-9958
Project: Puppet Agent