-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yes, that's why it was a retro fix.
However, you might want to change it back to a hostname derivative just in case people are using multiple CA's for some reason. Each CA really should have its own unique name so that you don't run into additional cert conflicts in the future. You can get around this by using a CA CRL Path instead of file, but Puppet doesn't support that out of the box so extra work would need to be done on the part of the admin. Starts with this Redmine issue: http://projects.puppetlabs.com/issues/899 I was thinking that this could be added to the 0.24 series, possibly as a vendor patch, etc... I tested it pretty thoroughly and, from what I know of Apache and OpenSSL, you shouldn't see any issues with it. Thanks, Trevor On 06/30/2010 03:31 AM, Brice Figureau wrote: > Hi, > > On 30/06/10 06:55, Markus Roberts wrote: >> Jeff and I are planning to test the fix for possible inclusion; I'm >> guardedly optimistic, but unwilling to say "oh yeah, that'll work" due >> mostly to my lack of confidence in my understanding of OpenSSL corner cases. >> >> Short form: plausible, and worth testing. > > Just a reminder that the problem occurs only 0.24.x, 0.25+ has a default > CA cert CN DN of 'ca'. > - -- Trevor Vaughan Vice President, Onyx Point, Inc. email: [email protected] phone: 410-541-ONYX (6699) pgp: 0x6C701E94 - -- This account not approved for unencrypted sensitive information -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJMKwzpAAoJECNCGV1OLcyp0ZkIAK3sP5WzpN06x6pDzG3jTL19 naorOlBTqXGmEk63dZXaNg1mECOMovToiRBiFbIw/E6AtEp5O++FOWRTIQ+TzFFy R+J7cL47BbnhKqCx92Vi9joHY0izStgLO681+QcaUTrf0aju/4og9bVWLUcFFTEM Md4+BPIZFIQhnqKAcsWbN2PvKvFh2hm5uFwSiGSP/U+oZkd4iCH2xWUUhE05tM+q O8szw+64AorA5zpWOdKk63W0tS8juPNay9Y1kKV8BEXH17RXirKU0Y+R5xvk+I6c I6JbHs8aZnrSfcMScFEZilNZm5SyzRjiWmzWqcmfGiFOAyXyhigi5Al0iXkZL+Y= =DXU+ -----END PGP SIGNATURE----- -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
<<attachment: tvaughan.vcf>>
