Jira (PUP-10721) http_instance cannot ignore cert verification in puppetserver

2020-10-20 Thread Josh Cooper (Jira)
Josh Cooper updated an issue

Puppet / PUP-10721
http_instance cannot ignore cert verification in puppetserver

Change By: Josh Cooper
Team: Coremunity

This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935)

-- 
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375370.1603224895000.59875.1603238160096%40Atlassian.JIRA.


Jira (PUP-10721) http_instance cannot ignore cert verification in puppetserver

2020-10-20 Thread Josh Cooper (Jira)
Josh Cooper commented on PUP-10721

Re: http_instance cannot ignore cert verification in puppetserver

This works as expected when using the agent's HTTP implementation. But when using the external_client adapter and puppetserver's connection class, the "verify_peer = false" is lost in translation, but fails securely. Need to make sure this works in 6.x and 7.0.


Jira (PUP-10721) http_instance cannot ignore cert verification in puppetserver

2020-10-20 Thread Josh Cooper (Jira)
Josh Cooper updated an issue

Puppet / PUP-10721
http_instance cannot ignore cert verification in puppetserver

Change By: Josh Cooper
Summary: http_instance cannot ignore cert verification in puppetserver


Jira (PUP-10721) http_instance cannot ignore cert verification

2020-10-20 Thread William Hurt (Jira)
William Hurt updated an issue

Puppet / PUP-10721
http_instance cannot ignore cert verification

Change By: William Hurt

*Puppet Version: 6.17.0*
*Puppet Server Version: 2019.8.0.37*
*OS Name/Version: Ubuntu 18.04*

When attempting to use [Puppet::Network::HttpPool.http_instance|https://github.com/puppetlabs/puppet/blob/fe73adb22453824c014d7975e30e4fc882e8bbc2/lib/puppet/network/http_pool.rb#L36] to perform an HTTP request to an HTTPS URL, setting the 'verify_peer' parameter false to ignore certificate verification does not work.

*Desired Behavior:*
This wrapper should be capable of doing HTTPS requests that ignore cert verification. Otherwise it is impossible to use it for doing requests against endpoints that use self-signed certs.

*Actual Behavior:*
The attempt to ignore cert verification results in an error when the call is invoked. The following call results in the error text below:

{code:ruby}
use_ssl = true
validate_cert = false
# The fourth argument is verify_peer; false is meant to skip certificate verification.
conn = Puppet::Network::HttpPool.http_instance(uri.host, uri.port, use_ssl, validate_cert)
headers = { 'Content-Type' => 'application/json'}
conn.post("#{uri.path}?#{uri.query}", body.to_json, headers)
{code}

{noformat}
2020-10-19T21:16:18.987Z WARN [qtp2062408424-41] [c.p.h.c.i.PersistentSyncHttpClient] Error executing http request
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:281)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:339)
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:503)
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODisp
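
Added example (not part of the original thread and not Puppet's code): the "PKIX path building failed" error in the trace above is chain validation rejecting a self-signed certificate that has no trusted issuer. The Ruby code below reproduces that decision offline with constructed certificates and shows that adding the endpoint's own certificate as a trust anchor lets verification pass while it stays enabled; make_self_signed, check_chain and the host name are assumed names.

```ruby
require 'openssl'

# Constructed sample: a throwaway self-signed certificate standing in for the
# endpoint's certificate (the host name is hypothetical, not from the report).
def make_self_signed(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Validate `cert` against an explicit list of trust anchors. No system CA
# bundle is loaded, so the outcome depends only on `trusted_certs`.
def check_chain(cert, trusted_certs)
  store = OpenSSL::X509::Store.new
  trusted_certs.each { |anchor| store.add_cert(anchor) }
  ok = store.verify(cert)
  { ok: ok, code: store.error, reason: store.error_string }
end

endpoint = make_self_signed('internal.example.test')
lookalike = make_self_signed('internal.example.test') # same name, different key

# 1. No trust anchor: the same class of failure the server logged.
p check_chain(endpoint, [])
# 2. Endpoint certificate added as an anchor: verification passes while enabled.
p check_chain(endpoint, [endpoint])
# 3. A certificate with the same name but another key is still rejected,
#    which is the protection that turning verification off would give up.
p check_chain(lookalike, [endpoint])
```
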

Jira (PUP-10721) http_instance cannot ignore cert verification

2020-10-20 Thread William Hurt (Jira)
William Hurt created an issue

Puppet / PUP-10721
http_instance cannot ignore cert verification

Issue Type: Bug
Assignee: Unassigned
Created: 2020/10/20 1:14 PM
Priority: Normal
Reporter: William Hurt

Puppet Version: 6.17.0
Puppet Server Version: 2019.8.0.37
OS Name/Version: Ubuntu 18.04

When attempting to use Puppet::Network::HttpPool.http_instance to perform an HTTP request to an HTTPS URL, setting the 'verify_peer' parameter false to ignore certificate verification does not work.

Desired Behavior: This wrapper should be capable of doing HTTPS requests that ignore cert verification. Otherwise it is impossible to use it for doing requests against endpoints that use self-signed certs.

Actual Behavior: The attempt to ignore cert verification results in an error when the call is invoked.

The following call results in the error text below:

 use_ssl = true
 validate_cert = false
 conn = Puppet::Network::HttpPool.http_instance(uri.host,
 uri.port,