[Puppet - Bug #17879] extract cert name properly from subject DN
Issue #17879 has been updated by Jeff McCune. Just as an update on this bug, we think we've fixed this in #15561 The Puppet 3.2 release will have this fix included. -Jeff Bug #17879: extract cert name properly from subject DN https://projects.puppetlabs.com/issues/17879#change-87970 * Author: Yuri Arabadji * Status: Duplicate * Priority: High * Assignee: * Category: * Target version: * Affected Puppet version: * Keywords: * Branch: You owe me $200 for my time on debugging this. Hi. --- /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig 2012-11-30 10:23:24.531533928 -0500 +++ /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb 2012-11-30 10:35:25.653400099 -0500 @@ -49,7 +49,9 @@ # Method to extract a 'name' from the subject of a certificate def self.name_from_subject(subject) -subject.to_s.sub(/\/CN=/i, '') +if triplet = subject.to_a.find {|name, data, type| name == 'CN' } + triplet[1] +end end # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class Otherwise subject DN /O=Organization/OU=Something/CN=host.name.com will be converted into some mess and fail validation with exception being thrown right in the middle of the code that doesn't expect it. So don't be shy, make connection.verify_callback block catch the exception and actually raise SSLError or the like and actually fill in the error message (class not found, name incorrect and such). That's all for now, dears. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
[Puppet - Bug #17879] extract cert name properly from subject DN
Issue #17879 has been updated by Yuri Arabadji. Related. pre Ignoring --listen on onetime run /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Warning: Unable to fetch my node definition, but the agent run will continue: Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Info: Retrieving plugin /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: /File[/var/lib/puppet/lib]: Could not evaluate: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Could not retrieve file metadata for puppet://dev2.xxx/plugins: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Info: Loading facts in /var/lib/puppet/lib/facter/stage_level.rb Info: Loading facts in /var/lib/puppet/lib/facter/mc_server.rb Info: Loading facts in /var/lib/puppet/lib/facter/snmpd.rb Info: Loading facts in /var/lib/puppet/lib/facter/php_settings.rb Info: Loading facts in /var/lib/puppet/lib/facter/mc_client.rb /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] Warning: Not using cache on failed catalog Error: Could not retrieve catalog; skipping run /usr/local/rvm/rubies/ruby-1.9.3-p327/lib/ruby/1.9.1/net/http.rb:799: warning: exception in verify_callback is ignored Error: Could not send report: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [] /pre Bug #17879: extract cert name properly from subject DN https://projects.puppetlabs.com/issues/17879#change-78322 Author: Yuri Arabadji Status: Unreviewed Priority: High Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: You owe me $200 for my time on debugging this. Hi. --- /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig 2012-11-30 10:23:24.531533928 -0500 +++ /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb 2012-11-30 10:35:25.653400099 -0500 @@ -49,7 +49,9 @@ # Method to extract a 'name' from the subject of a certificate def self.name_from_subject(subject) -subject.to_s.sub(/\/CN=/i, '') +if triplet = subject.to_a.find {|name, data, type| name == 'CN' } + triplet[1] +end end # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class Otherwise subject DN /O=Organization/OU=Something/CN=host.name.com will be converted into some mess and fail validation with exception being thrown right in the middle of the code that doesn't expect it. So don't be shy, make connection.verify_callback block catch the exception and actually raise SSLError or the like and actually fill in the error message (class not found, name incorrect and such). That's all for now, dears. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To post to this group, send email to puppet-bugs@googlegroups.com. To unsubscribe from this group, send email to puppet-bugs+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
[Puppet - Bug #17879] extract cert name properly from subject DN
Issue #17879 has been updated by Yuri Arabadji. patch --- /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig 2012-11-30 10:23:24.531533928 -0500 +++ /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb 2012-11-30 10:35:25.653400099 -0500 @@ -49,7 +49,9 @@ # Method to extract a 'name' from the subject of a certificate def self.name_from_subject(subject) -subject.to_s.sub(/\/CN=/i, '') +if triplet = subject.to_a.find {|name, data, type| name == 'CN' } + triplet[1] +end end # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class Bug #17879: extract cert name properly from subject DN https://projects.puppetlabs.com/issues/17879#change-77860 Author: Yuri Arabadji Status: Unreviewed Priority: High Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: You owe me $200 for my time on debugging this. Hi. --- /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb.orig 2012-11-30 10:23:24.531533928 -0500 +++ /usr/local/rvm/gems/ruby-1.9.3-p286@puppet30/gems/puppet-3.0.1/lib/puppet/ssl/base.rb 2012-11-30 10:35:25.653400099 -0500 @@ -49,7 +49,9 @@ # Method to extract a 'name' from the subject of a certificate def self.name_from_subject(subject) -subject.to_s.sub(/\/CN=/i, '') +if triplet = subject.to_a.find {|name, data, type| name == 'CN' } + triplet[1] +end end # Create an instance of our Puppet::SSL::* class using a given instance of the wrapped class Otherwise subject DN /O=Organization/OU=Something/CN=host.name.com will be converted into some mess and fail validation with exception being thrown right in the middle of the code that doesn't expect it. So don't be shy, make connection.verify_callback block catch the exception and actually raise SSLError or the like and actually fill in the error message (class not found, name incorrect and such). That's all for now, dears. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups Puppet Bugs group. To post to this group, send email to puppet-bugs@googlegroups.com. To unsubscribe from this group, send email to puppet-bugs+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.