From b293763f9ef2e134f18bb2c3fdaaaa502aa2c201 Mon Sep 17 00:00:00 2001 From: Luke Kanies Date: Thu, 7 Feb 2008 15:34:30 -0600 Subject: [PATCH] Applying patch by Jay to fix #989 -- missing crl files are correctly ignored, and you now use 'false' instead of 'none' to explicitly ignore them. --- CHANGELOG | 4 ++++ bin/puppetd | 2 +- lib/puppet/defaults.rb | 2 +- lib/puppet/network/http_server/webrick.rb | 4 ++-- lib/puppet/sslcertificates/ca.rb | 6 +++--- lib/puppet/util/settings.rb | 2 +- 6 files changed, 12 insertions(+), 8 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index cfe6657b..d615ed84 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,7 @@ + Fixed #989 -- missing CRL files are correctly ignored, and the + value should be set to 'false' to explicitly not look for these + files. + Fixed #1017 -- environment-specific modulepath is no longer ignored. Fixing #794 -- consolidating the gentoo configuration files. diff --git a/bin/puppetd b/bin/puppetd index 297d4876..e993d3aa 100755 --- a/bin/puppetd +++ b/bin/puppetd @@ -374,7 +374,7 @@ if Puppet[:listen] and ! options[:onetime] # to clients. In the meantime, we just disable CRL checking if # the CRL file doesn't exist unless File::exist?(Puppet[:cacrl]) - Puppet[:cacrl] = 'none' + Puppet[:cacrl] = 'false' end handlers = nil diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 0c8ac3f8..520a18d1 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -232,7 +232,7 @@ module Puppet :owner => "$user", :group => "$group", :mode => 0664, - :desc => "The certificate revocation list (CRL) for the CA. Set this to 'none' if you do not want to use a CRL." + :desc => "The certificate revocation list (CRL) for the CA. Set this to 'false' if you do not want to use a CRL." }, :caprivatedir => { :default => "$cadir/private", :owner => "$user", diff --git a/lib/puppet/network/http_server/webrick.rb b/lib/puppet/network/http_server/webrick.rb index 3c9f72e1..e4f00dd7 100644 --- a/lib/puppet/network/http_server/webrick.rb +++ b/lib/puppet/network/http_server/webrick.rb @@ -22,12 +22,12 @@ class HTTPServer::WEBrick < WEBrick::HTTPServer # with them, with flags appropriate for checking client # certificates for revocation def x509store - if Puppet[:cacrl] == 'none' + if Puppet[:cacrl] == 'false' # No CRL, no store needed return nil end unless File.exist?(Puppet[:cacrl]) - raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'none' to disable CRL usage" + raise Puppet::Error, "Could not find CRL; set 'cacrl' to 'false' to disable CRL usage" end crl = OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])) store = OpenSSL::X509::Store.new diff --git a/lib/puppet/sslcertificates/ca.rb b/lib/puppet/sslcertificates/ca.rb index a3edd2cb..888bcf5b 100644 --- a/lib/puppet/sslcertificates/ca.rb +++ b/lib/puppet/sslcertificates/ca.rb @@ -194,8 +194,8 @@ def removeclientcsr(host) # Revoke the certificate with serial number SERIAL issued by this # CA. The REASON must be one of the OpenSSL::OCSP::REVOKED_* reasons def revoke(serial, reason = OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE) - if @config[:cacrl] == 'none' - raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'none'" + if @config[:cacrl] == 'false' + raise Puppet::Error, "Revocation requires a CRL, but ca_crl is set to 'false'" end time = Time.now revoked = OpenSSL::X509::Revoked.new @@ -372,7 +372,7 @@ def init_crl @crl = OpenSSL::X509::CRL.new( File.read(@config[:cacrl]) ) - elsif @config[:cacrl] == 'none' + elsif @config[:cacrl] == 'false' @crl = nil else # Create new CRL diff --git a/lib/puppet/util/settings.rb b/lib/puppet/util/settings.rb index c84a5bfb..cf15d319 100644 --- a/lib/puppet/util/settings.rb +++ b/lib/puppet/util/settings.rb @@ -1124,7 +1124,7 @@ def owner # the variable 'dir', or adding a slash at the end. def munge(value) # If it's not a fully qualified path... - if value.is_a?(String) and value !~ /^\$/ and value !~ /^\// + if value.is_a?(String) and value !~ /^\$/ and value !~ /^\// and value != 'false' # Make it one value = File.join(Dir.getwd, value) end