Jira (PUP-10721) http_instance cannot ignore cert verification in puppetserver
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10721 http_instance cannot ignore cert verification in puppetserver Change By: Josh Cooper Team: Coremunity Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375370.1603224895000.59875.1603238160096%40Atlassian.JIRA.
Jira (PUP-10721) http_instance cannot ignore cert verification in puppetserver
Title: Message Title Josh Cooper commented on PUP-10721 Re: http_instance cannot ignore cert verification in puppetserver This works as expected when using the agent's HTTP implementation. But when using the external_client adapter and puppetserver's connection class, the "verify_peer = false" is lost in translation, but fails securely. Need to make sure this works in 6.x and 7.0 Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375370.1603224895000.59874.1603238160039%40Atlassian.JIRA.
Jira (PUP-10721) http_instance cannot ignore cert verification in puppetserver
Title: Message Title Josh Cooper updated an issue Puppet / PUP-10721 http_instance cannot ignore cert verification in puppetserver Change By: Josh Cooper Summary: http_instance cannot ignore cert verification in puppetserver Add Comment This message was sent by Atlassian Jira (v8.5.2#805002-sha1:a66f935) -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-bugs/JIRA.375370.1603224895000.59329.1603225920027%40Atlassian.JIRA.
Jira (PUP-10721) http_instance cannot ignore cert verification
Title: Message Title William Hurt updated an issue Puppet / PUP-10721 http_instance cannot ignore cert verification Change By: William Hurt *Puppet Version: 6.17.0* *Puppet Server Version: 2019.8.0.37* *OS Name/Version: Ubuntu 18.04*When attempting to use [Puppet::Network::HttpPool.http_instance|https://github.com/puppetlabs/puppet/blob/fe73adb22453824c014d7975e30e4fc882e8bbc2/lib/puppet/network/http_pool.rb#L36] to perform an HTTP request to an HTTPS url, setting the 'verify_peer' parameter false to ignore certificate verification does not work.*Desired Behavior:* This wrapper should be capable of doing HTTPS requests that ignore cert verification. Otherwise it is impossible to use it for doing requests against end points that use self signed certs.*Actual Behavior:*The attempt to ignore cert verification results in an error when the call is invoked. The following call results in the error text below: {code:ruby} use_ssl = truevalidate_cert = falseconn = Puppet::Network::HttpPool.http_instance(uri.host, uri.port, use_ssl, validate_cert)headers = { 'Content-Type' => 'application/json'}conn.post("#{uri.path}?#{uri.query}", body.to_json, headers){code} {noformat} 2020-10-19T21:16:18.987Z WARN [qtp2062408424-41] [c.p.h.c.i.PersistentSyncHttpClient] Error executing http request javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:326) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:269) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:645) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:464) at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061) at java.base/java.security.AccessController.doPrivileged(Native Method) at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008) at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:281) at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:339) at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:503) at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODisp
Jira (PUP-10721) http_instance cannot ignore cert verification
Title: Message Title William Hurt created an issue Puppet / PUP-10721 http_instance cannot ignore cert verification Issue Type: Bug Assignee: Unassigned Created: 2020/10/20 1:14 PM Priority: Normal Reporter: William Hurt Puppet Version: 6.17.0 Puppet Server Version: 2019.8.0.37 OS Name/Version: Ubuntu 18.04 When attempting to use Puppet::Network::HttpPool.http_instance to perform an HTTP request to an HTTPS url, setting the 'verify_peer' parameter false to ignore certificate verification does not work. Desired Behavior: This wrapper should be capable of doing HTTPS requests that ignore cert verification. Otherwise it is impossible to use it for doing requests against end points that use self signed certs. Actual Behavior: The attempt to ignore cert verification results in an error when the call is invoked. The following call results in the error text below: use_ssl = true validate_cert = false conn = Puppet::Network::HttpPool.http_instance(uri.host, uri.port,