On Wednesday, February 13, 2013 11:31:06 AM UTC+11, Eric Sorenson wrote:
>
> Right but the puppet SSL directory is almost certainly not where your ssl
> library defaults to looking for the ca cert hashes.
>
I see, I thought for some reason we were trying to do the workaround from
the Redmine, okay.
So if I read the c_rehash script (which I had to get this from an AIX box
with different default paths) -
my $dir = "/var/ssl";
...
if(@ARGV) {
@dirlist = @ARGV;
} elsif($ENV{SSL_CERT_DIR}) {
@dirlist = split /:/, $ENV{SSL_CERT_DIR};
} else {
$dirlist[0] = "$dir/certs";
}
- it appears the default directory on my RHEL puppet master ought to be
# rpm -ql openssl-0.9.8e-22.el5_8.4 |grep certs$
/etc/pki/tls/certs
Running the script on that directory, though, doesn't appear to do
anything, as there are no .pem files -
# ./c_rehash /etc/pki/tls/certs
Doing /etc/pki/tls/certs
And then doing a find at root -
# find / -name certs
/etc/racoon/certs
/etc/puppetlabs/puppet/ssl/certs
/etc/pki/tls/certs
/var/lib/puppet/ssl/certs
And as I'd guess you'd expect this hasn't changed the behaviour - still
getting the same error.
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-dev?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
