Issue #4948 has been updated by Markus Roberts.

Category set to SSL
Status changed from Unreviewed to Accepted
Target version set to Statler
Affected version set to 0.25.0

Yet another argument for using the client tools rather than the API wrapper from mars. :)

----------------------------------------
Bug #4948: connecting from a client whose cert is revoked fails without indicating why
http://projects.puppetlabs.com/issues/4948

Author: eric sorenson
Status: Accepted
Priority: Normal
Assignee:
Category: SSL
Target version: Statler
Affected version: 0.25.0
Keywords:
Branch:

I had a confusing time tonight trying to debug some systems which were failing puppetd -tv -- the error output looked like:

<pre>
[r...@it11p00me-acctsvc001 /var/lib/puppet]# puppetd -tv
info: Retrieving plugin
err: /File[/var/lib/puppet/lib]: Failed to generate additional resources using 'eval_generate': certificate verify failed
err: /File[/var/lib/puppet/lib]: Failed to retrieve current state of resource: certificate verify failed Could not retrieve file metadata for puppet://puppet/plugins: certificate verify failed
info: Loading facts in locallinks
info: Loading facts in locallinks
err: Could not retrieve catalog from remote server: certificate verify failed
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
</pre>

The cause was that the cert's serial number was in the CRL downloaded from the CA - probably due to a misunderstanding on my part of how exactly to issue new certificates to hosts whose private keys are lost due to re-imaging. But regardless, it would be nice to emit some kind of informative error message if we find out the local certificate is in the CA's CRL.
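
The check the report asks for, as an added example that is not part of the original message and is not Puppet's own code: it looks up a certificate's serial number in a CA-signed CRL and returns a readable reason instead of a bare "certificate verify failed". The helper names, host names and serial numbers are hypothetical, and the CA, certificates and CRL are constructed in memory.

```ruby
require 'openssl'

DIGEST = 'SHA256'

# Build a short-lived certificate; self-signed when no issuer is given.
def make_cert(cn, serial, key, issuer = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new(DIGEST))
end

# Build a CRL signed by the CA that lists the given serial numbers.
def make_crl(ca_cert, ca_key, serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca_cert.subject
  crl.last_update = Time.now - 60
  crl.next_update = Time.now + 3600
  serials.each do |serial|
    entry = OpenSSL::X509::Revoked.new
    entry.serial = serial
    entry.time = Time.now
    crl.add_revoked(entry)
  end
  crl.sign(ca_key, OpenSSL::Digest.new(DIGEST))
end

# Return a readable reason if cert is listed in crl, nil if it is not.
def revocation_reason(cert, crl, ca_cert)
  raise ArgumentError, 'CRL is not signed by the CA' unless crl.verify(ca_cert.public_key)
  return nil unless cert.issuer.to_s == crl.issuer.to_s
  entry = crl.revoked.find { |r| r.serial == cert.serial }
  return nil unless entry
  format('certificate %s (serial 0x%X) was revoked by %s at %s',
         cert.subject, cert.serial.to_i, crl.issuer, entry.time.utc)
end

# Constructed sample data: a CA, one revoked host cert and one good host cert.
CA_KEY = OpenSSL::PKey::RSA.new(2048)
HOST_KEY = OpenSSL::PKey::RSA.new(2048)
CA = make_cert('Example CA', 1, CA_KEY)
REVOKED = make_cert('host-a.example', 2, HOST_KEY, CA, CA_KEY)
GOOD = make_cert('host-b.example', 3, HOST_KEY, CA, CA_KEY)
DEMO_CRL = make_crl(CA, CA_KEY, [2])
puts revocation_reason(REVOKED, DEMO_CRL, CA)
```

The CRL signature is verified before the serial lookup so that a CRL from another issuer cannot produce a misleading "revoked" message.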
