So, we've got at least three tickets related to the name in the CA certificate:
http://projects.reductivelabs.com/issues/2617 http://projects.reductivelabs.com/issues/1507 http://projects.reductivelabs.com/issues/899 This pretty clearly smacks of a systemic problem. I think the "right" approach is to generally use the fqdn as the name in the CA cert, but with enough configurability (รก la #1507) to change so that #899 will still work if needed. The fix for #2617 is still needed, in case someone actually changes the name, but I think addressing these all at once is the right move, for 0.26. It's a very small amount of code, but obviously has more potential consequences than we'd like to believe. What do others think? -- A diplomat is a man who can convince his wife she'd look stout in a fur coat. --------------------------------------------------------------------- Luke Kanies -|- http://reductivelabs.com -|- +1(615)594-8199 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
