Your message dated Fri, 30 Jul 2010 11:41:07 +0200
with message-id <[email protected]>
and subject line Fixed upstream
has caused the Debian Bug report #573416,
regarding server certificate name mismatch leads to obscure error
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
573416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573416
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: puppet
Version: 0.25.4-2
Severity: wishlist
Forwarded: http://projects.reductivelabs.com/issues/3101
Tags: upstream
I encountered the situation where I was trying to connect to
a puppetmaster with a different hostname than its CN in the SSL
certificate. The error was rather obscure:
err: Could not retrieve catalog from remote server: undefined
method `closed?' for nil:NilClass
After ensuring that DNS was all properly configured and noticing
that the puppet --trace showed that the error was due to an
undefined socket object in puppet's HTTP request method (http.rb
— I tip my hat to ruby for even letting things get that far),
I tried ruby --debug and found:
Exception `OpenSSL::SSL::SSLError' at
/usr/lib/ruby/1.8/openssl/ssl.rb:123 - hostname was not match with
the server certificate
Sure enough, changing the server hostname used by puppetd to match
the server's CN made the problem go away.
It would be nice if puppet could be a bit more helpful with error
reporting, and if Ruby could be fixed.
-- System Information:
Debian Release: squeeze/sid
Architecture: i386 (i686)
Kernel: Linux 2.6.33-2-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages puppet depends on:
ii adduser 3.112 add and remove users and groups
ii facter 1.5.7-1 a library for retrieving facts fro
ii libopenssl-ruby 4.2 OpenSSL interface for Ruby
ii libruby [libxmlrpc-ruby] 4.2 Libraries necessary to run Ruby 1.
ii libshadow-ruby1.8 1.4.1-8 Interface of shadow password for R
ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip
ii puppet-common 0.25.4-2 common files for puppet and puppet
ii ruby1.8 1.8.7.249-1 Interpreter of object-oriented scr
Versions of packages puppet recommends:
ii libaugeas-ruby1.8 0.3.0-1.1 Augeas bindings for the Ruby langu
ii rdoc 4.2 Generate documentation from ruby s
Versions of packages puppet suggests:
pn puppet-el <none> (no description available)
pn vim-puppet <none> (no description available)
-- no debconf information
--
.''`. martin f. krafft <[email protected]> Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduck http://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
--- End Message ---
--- Begin Message ---
Version: 0.25.5-1
This bug was fixed upstream in 0.25.5
Thanks for reporting the issue.
--
Stig Sandbeck Mathisen
ooo, shiny!
pgpjJJqO5RfAY.pgp
Description: PGP signature
--- End Message ---
