[Puppet - Bug #17879] extract cert name properly from subject DN

2013-04-02 Thread tickets

Issue #17879 has been updated by Jeff McCune.


Just as an update on this bug, we think we've fixed this in #15561.

The Puppet 3.2 release will have this fix included.

-Jeff


Bug #17879: extract cert name properly from subject DN
https://projects.puppetlabs.com/issues/17879#change-87970

* Author: Yuri Arabadji
* Status: Duplicate
* Priority: High
* Assignee: 
* Category: 
* Target version: 
* Affected Puppet version: 
* Keywords: 
* Branch: 

You owe me $200 for my time on debugging this. Hi.

--- 
/usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig
  2012-11-30 10:23:24.531533928 -0500
+++ 
/usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb
   2012-11-30 10:35:25.653400099 -0500
@@ -49,7 +49,9 @@
 
   # Method to extract a 'name' from the subject of a certificate
   def self.name_from_subject(subject)
-subject.to_s.sub(/\/CN=/i, '')
+if triplet = subject.to_a.find {|name, data, type| name == 'CN' }
+  triplet[1]
+end
   end
 
   # Create an instance of our Puppet::SSL::* class using a given instance of 
the wrapped class
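Review bot: name_from_subject now returns nil when the subject has no CN entry, because the added "if triplet = ... find" has no else branch, whereas the removed subject.to_s.sub(/\/CN=/i, '') always returned a String. Either raise a descriptive error at that point or state the nil return in the method comment, so callers that compare or transform the name handle it explicitly. The three added lines are also not indented under the def, unlike the surrounding context lines.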

Otherwise subject DN /O=Organization/OU=Something/CN=host.name.com will be 
converted into some mess and fail validation with exception being thrown right 
in the middle of the code that doesn't expect it.
So don't be shy, make connection.verify_callback block catch the exception and 
actually raise SSLError or the like and actually fill in the error message 
(class not found, name incorrect and such).

That's all for now, dears.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
Puppet Bugs group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-bugs+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-bugs@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
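The difference between the two extractions in the patch above, as an added example that is not part of the original thread or of Puppet's code. The method names `name_via_regexp`, `name_via_attributes` and `peer_name_matches?` are hypothetical, and the sample subjects are constructed (the second is the DN quoted in the report).

```ruby
require 'openssl'

# Extraction as on the '-' line of the patch: deletes the first "/CN="
# from the one-line DN string and keeps everything else.
def name_via_regexp(subject)
  subject.to_s.sub(/\/CN=/i, '')
end

# Extraction as on the '+' lines of the patch: value of the first CN
# attribute, or nil when the subject carries no CN at all.
def name_via_attributes(subject)
  triplet = subject.to_a.find { |name, _data, _type| name == 'CN' }
  triplet && triplet[1]
end

# Hypothetical caller-side check (an assumption, not Puppet's API):
# a missing CN is a failed match, never an exception or a blank name.
def peer_name_matches?(subject, expected)
  name = name_via_attributes(subject)
  !name.nil? && name.downcase == expected.downcase
end

# Constructed sample subjects.
SUBJECTS = {
  cn_only:  OpenSSL::X509::Name.parse('/CN=host.name.com'),
  with_org: OpenSSL::X509::Name.parse('/O=Organization/OU=Something/CN=host.name.com'),
  no_cn:    OpenSSL::X509::Name.parse('/O=Organization/OU=Something')
}

# Returns [label, regexp result, attribute result] for every sample.
def compare_extractions
  SUBJECTS.map do |label, subject|
    [label, name_via_regexp(subject), name_via_attributes(subject)]
  end
end

compare_extractions.each do |label, old, new|
  puts format('%-9s regexp=%-45s attributes=%s', label, old.inspect, new.inspect)
end
```

The regexp form only yields the host name when CN is the sole attribute of the subject; with the organization attributes in front it returns the whole DN with the "/CN=" marker removed.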




[Puppet - Bug #17879] extract cert name properly from subject DN

2012-12-06 Thread tickets

Issue #17879 has been updated by Yuri Arabadji.


Related.

<pre>
Ignoring --listen on onetime run
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored
Warning: Unable to fetch my node definition, but the agent run will continue:
Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: []
Info: Retrieving plugin
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored
Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: []
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored
Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Could not retrieve file metadata for puppet://dev2.xxx/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: []
Info: Loading facts in /var/lib/puppet/lib/facter/stage_level.rb
Info: Loading facts in /var/lib/puppet/lib/facter/mc_server.rb
Info: Loading facts in /var/lib/puppet/lib/facter/snmpd.rb
Info: Loading facts in /var/lib/puppet/lib/facter/php_settings.rb
Info: Loading facts in /var/lib/puppet/lib/facter/mc_client.rb
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored
Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: []
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
/usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored
Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: []
</pre>

Bug #17879: extract cert name properly from subject DN
https://projects.puppetlabs.com/issues/17879#change-78322

Author: Yuri Arabadji
Status: Unreviewed
Priority: High
Assignee: 
Category: 
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 





[Puppet - Bug #17879] extract cert name properly from subject DN

2012-11-30 Thread tickets

Issue #17879 has been updated by Yuri Arabadji.


patch

--- 
/usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig
  2012-11-30 10:23:24.531533928 -0500
+++ 
/usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb
   2012-11-30 10:35:25.653400099 -0500
@@ -49,7 +49,9 @@
# Method to extract a 'name' from the subject of a certificate
def self.name_from_subject(subject)
-subject.to_s.sub(/\/CN=/i, '')
+if triplet = subject.to_a.find {|name, data, type| name == 'CN' }
+  triplet[1]
+end
end
# Create an instance of our Puppet::SSL::* class using a given instance of 
the wrapped class
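Review bot: find on the added line returns only the first entry whose name is 'CN', so a subject carrying more than one CN silently yields the first; the method comment should say which one is intended. The comparison name == 'CN' is also case-sensitive where the removed regexp used /i, and the block arguments data and type are unused, so {|name, _, _| name == 'CN' } would state the intent more clearly.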


Bug #17879: extract cert name properly from subject DN
https://projects.puppetlabs.com/issues/17879#change-77860

Author: Yuri Arabadji
Status: Unreviewed
Priority: High
Assignee: 
Category: 
Target version: 
Affected Puppet version: 
Keywords: 
Branch: 

