To be clear, this patch just removes the setting (as per discussion on the ticket), since it isn't likely to work anyway.
On Tue, Dec 29, 2009 at 2:11 PM, Jesse Wolfe <[email protected]> wrote: > The setting enable_post_connection_check doesn't exist on very many > versions of ruby, and on those systems there's no way to disable domain > name checking on HTTPS. > The recommended work-around is to replace certificates when they have > incorrect hostnames. > > Signed-off-by: Jesse Wolfe <[email protected]> > --- > lib/puppet/defaults.rb | 3 -- > lib/puppet/network/http_pool.rb | 2 - > spec/integration/indirector/certificate/rest.rb | 1 - > .../indirector/certificate_request/rest.rb | 1 - > .../indirector/certificate_revocation_list/rest.rb | 1 - > spec/integration/indirector/report/rest.rb | 1 - > spec/integration/indirector/rest.rb | 1 - > spec/unit/network/http_pool.rb | 26 > +++++++------------- > 8 files changed, 9 insertions(+), 27 deletions(-) > > diff --git a/lib/puppet/defaults.rb b/lib/puppet/defaults.rb > index 0153957..5234d98 100644 > --- a/lib/puppet/defaults.rb > +++ b/lib/puppet/defaults.rb > @@ -159,9 +159,6 @@ module Puppet > may need to use a FQDN for the server hostname when using a > proxy."], > :http_proxy_port => [3128, > "The HTTP proxy port to use for outgoing connections"], > - :http_enable_post_connection_check => [true, > - "Boolean; wheter or not puppetd should validate the server > - SSL certificate against the request hostname."], > :filetimeout => [ 15, > "The minimum time to wait (in seconds) between checking for > updates in > configuration files. This timeout determines how quickly > Puppet checks whether > diff --git a/lib/puppet/network/http_pool.rb > b/lib/puppet/network/http_pool.rb > index 6de204a..4789d47 100644 > --- a/lib/puppet/network/http_pool.rb > +++ b/lib/puppet/network/http_pool.rb > @@ -94,8 +94,6 @@ module Puppet::Network::HttpPool > # Use configured timeout (#1176) > http.read_timeout = Puppet[:configtimeout] > http.open_timeout = Puppet[:configtimeout] > - # JJM Configurable fix for #896. > - http.enable_post_connection_check = > Puppet[:http_enable_post_connection_check] > > cert_setup(http) > > diff --git a/spec/integration/indirector/certificate/rest.rb > b/spec/integration/indirector/certificate/rest.rb > index 71ef443..a814e00 100755 > --- a/spec/integration/indirector/certificate/rest.rb > +++ b/spec/integration/indirector/certificate/rest.rb > @@ -19,7 +19,6 @@ describe "Certificate REST Terminus" do > Puppet.settings[:vardir] = @dir > Puppet.settings[:server] = "127.0.0.1" > Puppet.settings[:masterport] = "34343" > - Puppet.settings[:http_enable_post_connection_check] = false > > Puppet::Util::Cacher.expire > > diff --git a/spec/integration/indirector/certificate_request/rest.rb > b/spec/integration/indirector/certificate_request/rest.rb > index 211188e..86fb1ba 100755 > --- a/spec/integration/indirector/certificate_request/rest.rb > +++ b/spec/integration/indirector/certificate_request/rest.rb > @@ -21,7 +21,6 @@ describe "Certificate Request REST Terminus" do > Puppet.settings[:vardir] = @dir > Puppet.settings[:server] = "127.0.0.1" > Puppet.settings[:masterport] = "34343" > - Puppet.settings[:http_enable_post_connection_check] = false > > Puppet[:servertype] = 'webrick' > Puppet[:server] = '127.0.0.1' > diff --git > a/spec/integration/indirector/certificate_revocation_list/rest.rb > b/spec/integration/indirector/certificate_revocation_list/rest.rb > index f308543..5c68467 100755 > --- a/spec/integration/indirector/certificate_revocation_list/rest.rb > +++ b/spec/integration/indirector/certificate_revocation_list/rest.rb > @@ -19,7 +19,6 @@ describe "Certificate REST Terminus" do > Puppet.settings[:vardir] = @dir > Puppet.settings[:server] = "127.0.0.1" > Puppet.settings[:masterport] = "34343" > - Puppet.settings[:http_enable_post_connection_check] = false > > Puppet::Util::Cacher.expire > > diff --git a/spec/integration/indirector/report/rest.rb > b/spec/integration/indirector/report/rest.rb > index 6525065..a3894f9 100644 > --- a/spec/integration/indirector/report/rest.rb > +++ b/spec/integration/indirector/report/rest.rb > @@ -19,7 +19,6 @@ describe "Report REST Terminus" do > Puppet.settings[:vardir] = @dir > Puppet.settings[:server] = "127.0.0.1" > Puppet.settings[:masterport] = "34343" > - Puppet.settings[:http_enable_post_connection_check] = false > > Puppet::Util::Cacher.expire > > diff --git a/spec/integration/indirector/rest.rb > b/spec/integration/indirector/rest.rb > index 077a74f..f4561c6 100755 > --- a/spec/integration/indirector/rest.rb > +++ b/spec/integration/indirector/rest.rb > @@ -40,7 +40,6 @@ describe Puppet::Indirector::REST do > Puppet.settings[:vardir] = @dir > Puppet.settings[:server] = "127.0.0.1" > Puppet.settings[:masterport] = "34343" > - Puppet.settings[:http_enable_post_connection_check] = false > > Puppet::SSL::Host.ca_location = :local > > diff --git a/spec/unit/network/http_pool.rb > b/spec/unit/network/http_pool.rb > index 65f91ef..7fe55c5 100755 > --- a/spec/unit/network/http_pool.rb > +++ b/spec/unit/network/http_pool.rb > @@ -36,7 +36,7 @@ describe Puppet::Network::HttpPool do > end > > it "should return an http instance created with the passed host and > port" do > - http = stub 'http', :use_ssl= => nil, :read_timeout= => nil, > :open_timeout= => nil, :enable_post_connection_check= => nil, :started? => > false > + http = stub 'http', :use_ssl= => nil, :read_timeout= => nil, > :open_timeout= => nil, :started? => false > Net::HTTP.expects(:new).with("me", 54321, nil, > nil).returns(http) > Puppet::Network::HttpPool.http_instance("me", 54321).should > equal(http) > end > @@ -53,16 +53,8 @@ describe Puppet::Network::HttpPool do > Puppet::Network::HttpPool.http_instance("me", > 54321).open_timeout.should == 120 > end > > - it "should default to http_enable_post_connection_check being > enabled" do > - Puppet.settings[:http_enable_post_connection_check].should > be_true > - end > - > - it "should set enable_post_connection_check true " do > - Puppet::Network::HttpPool.http_instance("me", > 54321).instance_variable_get("@enable_post_connection_check").should > be(Puppet.settings[:http_enable_post_connection_check]) > - end > - > it "should create the http instance with the proxy host and port > set if the http_proxy is not set to 'none'" do > - stub_settings :http_proxy_host => "myhost", :http_proxy_port > => 432, :configtimeout => 120, :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", :http_proxy_port > => 432, :configtimeout => 120 > Puppet::Network::HttpPool.http_instance("me", > 54321).open_timeout.should == 120 > end > > @@ -72,19 +64,19 @@ describe Puppet::Network::HttpPool do > end > > it "should cache http instances" do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > old = Puppet::Network::HttpPool.http_instance("me", 54321) > Puppet::Network::HttpPool.http_instance("me", 54321).should > equal(old) > end > > it "should have a mechanism for getting a new http instance > instead of the cached instance" do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > old = Puppet::Network::HttpPool.http_instance("me", 54321) > Puppet::Network::HttpPool.http_instance("me", 54321, > true).should_not equal(old) > end > > it "should close existing, open connections when requesting a > new connection" do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > old = Puppet::Network::HttpPool.http_instance("me", 54321) > old.expects(:started?).returns(true) > old.expects(:finish) > @@ -92,7 +84,7 @@ describe Puppet::Network::HttpPool do > end > > it "should have a mechanism for clearing the http cache" do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > old = Puppet::Network::HttpPool.http_instance("me", 54321) > Puppet::Network::HttpPool.http_instance("me", 54321).should > equal(old) > old = Puppet::Network::HttpPool.http_instance("me", 54321) > @@ -101,7 +93,7 @@ describe Puppet::Network::HttpPool do > end > > it "should close open http connections when clearing the cache" > do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > one = Puppet::Network::HttpPool.http_instance("me", 54321) > one.expects(:started?).returns(true) > one.expects(:finish).returns(true) > @@ -109,7 +101,7 @@ describe Puppet::Network::HttpPool do > end > > it "should not close unopened http connections when clearing > the cache" do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > one = Puppet::Network::HttpPool.http_instance("me", 54321) > one.expects(:started?).returns(false) > one.expects(:finish).never > @@ -123,7 +115,7 @@ describe Puppet::Network::HttpPool do > end > > it "should not cache http instances" do > - stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120, > :http_enable_post_connection_check => true > + stub_settings :http_proxy_host => "myhost", > :http_proxy_port => 432, :configtimeout => 120 > old = Puppet::Network::HttpPool.http_instance("me", 54321) > Puppet::Network::HttpPool.http_instance("me", > 54321).should_not equal(old) > end > -- > 1.6.5 > > -- > > You received this message because you are subscribed to the Google Groups > "Puppet Developers" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<puppet-dev%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/puppet-dev?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
