The setting enable_post_connection_check is absent from a great many versions of Ruby, and on those systems there is no way to disable domain name checking on HTTPS. The recommended workaround is to replace any certificates that have incorrect hostnames.
Signed-off-by: Jesse Wolfe <[email protected]> --- lib/puppet/defaults.rb | 3 -- lib/puppet/network/http_pool.rb | 2 - spec/integration/indirector/certificate/rest.rb | 1 - .../indirector/certificate_request/rest.rb | 1 - .../indirector/certificate_revocation_list/rest.rb | 1 - spec/integration/indirector/report/rest.rb | 1 - spec/integration/indirector/rest.rb | 1 - spec/unit/network/http_pool.rb | 26 +++++++------------- 8 files changed, 9 insertions(+), 27 deletions(-) diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb index 0153957..5234d98 100644 --- a/lib/puppet/defaults.rb +++ b/lib/puppet/defaults.rb @@ -159,9 +159,6 @@ module Puppet may need to use a FQDN for the server hostname when using a proxy."], :http_proxy_port => [3128, "The HTTP proxy port to use for outgoing connections"], - :http_enable_post_connection_check => [true, - "Boolean; wheter or not puppetd should validate the server - SSL certificate against the request hostname."], :filetimeout => [ 15, "The minimum time to wait (in seconds) between checking for updates in configuration files. This timeout determines how quickly Puppet checks whether diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb index 6de204a..4789d47 100644 --- a/lib/puppet/network/http_pool.rb +++ b/lib/puppet/network/http_pool.rb @@ -94,8 +94,6 @@ module Puppet::Network::HttpPool # Use configured timeout (#1176) http.read_timeout = Puppet[:configtimeout] http.open_timeout = Puppet[:configtimeout] - # JJM Configurable fix for #896. - http.enable_post_connection_check = Puppet[:http_enable_post_connection_check] cert_setup(http) diff --git a/spec/integration/indirector/certificate/rest.rb b/spec/integration/indirector/certificate/rest.rb index 71ef443..a814e00 100755 --- a/spec/integration/indirector/certificate/rest.rb +++ b/spec/integration/indirector/certificate/rest.rb 
@@ -19,7 +19,6 @@ describe "Certificate REST Terminus" do Puppet.settings[:vardir] = @dir Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" - Puppet.settings[:http_enable_post_connection_check] = false Puppet::Util::Cacher.expire diff --git a/spec/integration/indirector/certificate_request/rest.rb b/spec/integration/indirector/certificate_request/rest.rb index 211188e..86fb1ba 100755 --- a/spec/integration/indirector/certificate_request/rest.rb +++ b/spec/integration/indirector/certificate_request/rest.rb @@ -21,7 +21,6 @@ describe "Certificate Request REST Terminus" do Puppet.settings[:vardir] = @dir Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" - Puppet.settings[:http_enable_post_connection_check] = false Puppet[:servertype] = 'webrick' Puppet[:server] = '127.0.0.1' diff --git a/spec/integration/indirector/certificate_revocation_list/rest.rb b/spec/integration/indirector/certificate_revocation_list/rest.rb index f308543..5c68467 100755 --- a/spec/integration/indirector/certificate_revocation_list/rest.rb +++ b/spec/integration/indirector/certificate_revocation_list/rest.rb @@ -19,7 +19,6 @@ describe "Certificate REST Terminus" do Puppet.settings[:vardir] = @dir Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" - Puppet.settings[:http_enable_post_connection_check] = false Puppet::Util::Cacher.expire diff --git a/spec/integration/indirector/report/rest.rb b/spec/integration/indirector/report/rest.rb index 6525065..a3894f9 100644 --- a/spec/integration/indirector/report/rest.rb +++ b/spec/integration/indirector/report/rest.rb @@ -19,7 +19,6 @@ describe "Report REST Terminus" do Puppet.settings[:vardir] = @dir Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" - Puppet.settings[:http_enable_post_connection_check] = false Puppet::Util::Cacher.expire 
diff --git a/spec/integration/indirector/rest.rb b/spec/integration/indirector/rest.rb index 077a74f..f4561c6 100755 --- a/spec/integration/indirector/rest.rb +++ b/spec/integration/indirector/rest.rb @@ -40,7 +40,6 @@ describe Puppet::Indirector::REST do Puppet.settings[:vardir] = @dir Puppet.settings[:server] = "127.0.0.1" Puppet.settings[:masterport] = "34343" - Puppet.settings[:http_enable_post_connection_check] = false Puppet::SSL::Host.ca_location = :local diff --git a/spec/unit/network/http_pool.rb b/spec/unit/network/http_pool.rb index 65f91ef..7fe55c5 100755 --- a/spec/unit/network/http_pool.rb +++ b/spec/unit/network/http_pool.rb @@ -36,7 +36,7 @@ describe Puppet::Network::HttpPool do end it "should return an http instance created with the passed host and port" do - http = stub 'http', :use_ssl= => nil, :read_timeout= => nil, :open_timeout= => nil, :enable_post_connection_check= => nil, :started? => false + http = stub 'http', :use_ssl= => nil, :read_timeout= => nil, :open_timeout= => nil, :started? => false Net::HTTP.expects(:new).with("me", 54321, nil, nil).returns(http) Puppet::Network::HttpPool.http_instance("me", 54321).should equal(http) end 
@@ -53,16 +53,8 @@ describe Puppet::Network::HttpPool do Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120 end - it "should default to http_enable_post_connection_check being enabled" do - Puppet.settings[:http_enable_post_connection_check].should be_true - end - - it "should set enable_post_connection_check true " do - Puppet::Network::HttpPool.http_instance("me", 54321).instance_variable_get("@enable_post_connection_check").should be(Puppet.settings[:http_enable_post_connection_check]) - end - it "should create the http instance with the proxy host and port set if the http_proxy is not set to 'none'" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 Puppet::Network::HttpPool.http_instance("me", 54321).open_timeout.should == 120 end 
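Review bot: With the two deleted examples gone, nothing in this spec ties `http_instance` to certificate hostname checking any more, and no replacement example is added. Per the commit description the check cannot be turned off on most Ruby versions, so the behaviour now rests on Net::HTTP's defaults plus whatever `cert_setup` configures, neither of which is visible in this hunk. I would add an example that pins the security-relevant outcome instead of the removed setter, for instance that with a CA certificate available `http_instance("me", 54321).verify_mode` is `OpenSSL::SSL::VERIFY_PEER`; the exact expectation depends on `cert_setup` and needs confirming against it. The enclosing `describe` block starts and ends outside the hunk.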
@@ -72,19 +64,19 @@ describe Puppet::Network::HttpPool do end it "should cache http instances" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 old = Puppet::Network::HttpPool.http_instance("me", 54321) Puppet::Network::HttpPool.http_instance("me", 54321).should equal(old) end it "should have a mechanism for getting a new http instance instead of the cached instance" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 old = Puppet::Network::HttpPool.http_instance("me", 54321) Puppet::Network::HttpPool.http_instance("me", 54321, true).should_not equal(old) end it "should close existing, open connections when requesting a new connection" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 old = Puppet::Network::HttpPool.http_instance("me", 54321) old.expects(:started?).returns(true) old.expects(:finish) @@ -92,7 +84,7 @@ describe Puppet::Network::HttpPool do end it "should have a mechanism for clearing the http cache" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 old = Puppet::Network::HttpPool.http_instance("me", 54321) Puppet::Network::HttpPool.http_instance("me", 54321).should equal(old) old = Puppet::Network::HttpPool.http_instance("me", 54321) 
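Review bot: Each example edited in this hunk, and in the `@@ -92,7`, `@@ -101,7`, `@@ -109,7` and `@@ -123,7` hunks that follow, still repeats the same line `stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120`. Since the commit rewrites every copy anyway, hoisting it into a single `before :each do ... end` for the group would let the next settings change be made in one place. The enclosing `describe` blocks start outside these hunks, so check whether a `before` block already exists there before adding one.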
@@ -101,7 +93,7 @@ describe Puppet::Network::HttpPool do end it "should close open http connections when clearing the cache" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 one = Puppet::Network::HttpPool.http_instance("me", 54321) one.expects(:started?).returns(true) one.expects(:finish).returns(true) @@ -109,7 +101,7 @@ describe Puppet::Network::HttpPool do end it "should not close unopened http connections when clearing the cache" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 one = Puppet::Network::HttpPool.http_instance("me", 54321) one.expects(:started?).returns(false) one.expects(:finish).never @@ -123,7 +115,7 @@ describe Puppet::Network::HttpPool do end it "should not cache http instances" do - stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120, :http_enable_post_connection_check => true + stub_settings :http_proxy_host => "myhost", :http_proxy_port => 432, :configtimeout => 120 old = Puppet::Network::HttpPool.http_instance("me", 54321) Puppet::Network::HttpPool.http_instance("me", 54321).should_not equal(old) end -- 1.6.5
