(PUP-3627) Remove ignored certdnsnames setting

lib/puppet/defaults.rb

@@ -555,37 +555,6 @@ def self.default_diffargs
 
         Defaults to the node's fully qualified domain name.",
       :hook => proc { |value| raise(ArgumentError, "Certificate names must be lower case; see #1168") unless value == value.downcase }},
-    :certdnsnames => {
-      :default => '',
-      :hook    => proc do |value|
-        unless value.nil? or value == '' then
-          Puppet.warning <<WARN
-The `certdnsnames` setting is no longer functional,
-after CVE-2011-3872. We ignore the value completely.
-
-For your own certificate request you can set `dns_alt_names` in the
-configuration and it will apply locally.  There is no configuration option to
-set DNS alt names, or any other `subjectAltName` value, for another nodes
-certificate.
-
-Alternately you can use the `--dns_alt_names` command line option to set the
-labels added while generating your own CSR.
-WARN
-        end
-      end,
-      :desc    => <<EOT
-The `certdnsnames` setting is no longer functional,
-after CVE-2011-3872. We ignore the value completely.
-
-For your own certificate request you can set `dns_alt_names` in the
-configuration and it will apply locally.  There is no configuration option to
-set DNS alt names, or any other `subjectAltName` value, for another nodes
-certificate.
-
-Alternately you can use the `--dns_alt_names` command line option to set the
-labels added while generating your own CSR.
-EOT
-    },
     :dns_alt_names => {
       :default => '',
       :desc    => <<EOT,

man/man5/puppet.conf.5

@@ -2,7 +2,7 @@
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
 .TH "PUPPETCONF" "5" "November 2014" "Puppet Labs, LLC" "Puppet manual"
-\fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2014\-11\-03 15:15:01 \-0800)\fR
+\fBThis page is autogenerated; any changes will get overwritten\fR \fI(last generated on 2014\-11\-05 19:14:33 \-0800)\fR
 .
 .SH "Configuration Settings"
 .
@@ -297,15 +297,6 @@ The certificate directory\.
 .
 .IP "" 0
 .
-.SS "certdnsnames"
-The \fBcertdnsnames\fR setting is no longer functional, after CVE\-2011\-3872\. We ignore the value completely\.
-.
-.P
-For your own certificate request you can set \fBdns_alt_names\fR in the configuration and it will apply locally\. There is no configuration option to set DNS alt names, or any other \fBsubjectAltName\fR value, for another nodes certificate\.
-.
-.P
-Alternately you can use the \fB\-\-dns_alt_names\fR command line option to set the labels added while generating your own CSR\.
-.
 .SS "certificate_revocation"
 Whether certificate revocation should be supported by downloading a Certificate Revocation List (CRL) to all clients\. If enabled, CA chaining will almost definitely not work\.
 .
@@ -335,7 +326,7 @@ The special value \fBca\fR is reserved, and can\'t be used as the certname for a
 Defaults to the node\'s fully qualified domain name\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: kylo\.local
+\fIDefault\fR: kylo\.corp\.puppetlabs\.net
 .
 .IP "" 0
 .
@@ -1675,7 +1666,7 @@ The maximum time to delay before runs\. Defaults to being the same as the run in
 The domain which will be queried to find the SRV records of servers to use\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: local
+\fIDefault\fR: corp\.puppetlabs\.net
 .
 .IP "" 0
 .
@@ -1902,4 +1893,4 @@ The directory in which YAML data is stored, usually in a subdirectory\.
 .IP "" 0
 .
 .P
-\fIThis page autogenerated on 2014\-11\-03 15:15:01 \-0800\fR
+\fIThis page autogenerated on 2014\-11\-05 19:14:33 \-0800\fR

spec/integration/defaults_spec.rb

@@ -61,17 +61,6 @@
     end
   end
 
-  describe "when :certdnsnames is set" do
-    it "should not fail" do
-      expect { Puppet[:certdnsnames] = 'fred:wilma' }.to_not raise_error
-    end
-
-    it "should warn the value is ignored" do
-      Puppet.expects(:warning).with {|msg| msg =~ /CVE-2011-3872/ }
-      Puppet[:certdnsnames] = 'fred:wilma'
-    end
-  end
-
   it "should have a clientyamldir setting" do
     Puppet.settings[:clientyamldir].should_not be_nil
   end