Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ethan Brown commented on PUP-5588
Cherry-picked previous commit https://github.com/puppetlabs/puppet/commit/4373d41b3943cc7830277a37c3ba100d04037254 from PR 4469 to stable
Rebased PR 4879 on stable - pushed to stable in https://github.com/puppetlabs/puppet/commit/482ca99eb4b6f181ed765b83acb648f3cdd2a05e
Merged up to master in https://github.com/puppetlabs/puppet/commit/bbd4d58e285b6e5563f58994201b2e0e96f341ab

This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)
--
You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at https://groups.google.com/group/puppet-bugs. For more options, visit https://groups.google.com/d/optout.
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti assigned an issue to Ethan Brown
Change By: Glenn Sarti
Assignee: Ethan Brown
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti commented on PUP-5588
Submitted PR 4879 with updated unit tests and fix
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti commented on PUP-5588
Ethan Brown's FR found a different duplication error where root certificates appeared to be loading twice. https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/monkey_patches.rb#L136

This is not due to a bug, but is "by design". A certificate store used in https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/monkey_patches.rb#L136 is a logical store, not physical. The logical store is made up of multiple physical stores, merged together to look like one. https://blogs.msdn.microsoft.com/muaddib/2013/10/18/understanding-and-managing-the-certificate-stores-used-for-smart-card-logon/

To create an "apparent" duplicate certificate do the following;
1. Open regedit and browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
2. Export one of the certificates to C:\DupeCert.reg
3. Edit C:\DupeCert.reg in Notepad and change "HKEY_LOCAL_MACHINE" to "HKEY_CURRENT_USER". Save the file.
4. Import C:\DupeCert.reg into the registry.

This now means the certificate is in both the Machine and User ROOT registry certificate stores and appears as a duplicate.

But this doesn't explain why the ruby code doesn't catch the duplicate. It should do as part of "...instance.to_a.uniq" https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/monkey_patches.rb#L132

According to http://ruby-doc.org/core-2.2.0/Array.html#method-i-uniq ruby uses the .hash function for comparison. After adding some logging at https://github.com/puppetlabs/puppet/blob/master/lib/puppet/util/monkey_patches.rb#L134 the following was found; For the same PEM content of a cert, the .hash value kept changing!
Certificate PEM -BEGIN CERTIFICATE- MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBM MRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBD QTAeFw0wMjA2MTExMDQ2MzlaFw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBM
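
Added example, not part of the original thread and not Puppet's code: the message above and the issue description further down both concern the same certificate reaching an OpenSSL::X509::Store more than once, so this sketch deduplicates by a digest of the DER encoding instead of the default Array#uniq comparison, and makes repeated loads into one store idempotent. The names make_sample_cert, cert_fingerprint, unique_certs and TrackedStore are hypothetical, the certificate is constructed sample input, and the 'cert already in hash table' text is assumed to be what older OpenSSL builds report for a duplicate.

```ruby
require 'openssl'

# Added illustration; every helper name here is hypothetical, not Puppet's API.

# Constructed sample input: a throwaway self-signed certificate.
def make_sample_cert(common_name)
  key  = OpenSSL::PKey::RSA.new(2048)
  name = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = name
  cert.issuer     = name
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Content-based identity: SHA-256 over the DER encoding. Two objects parsed
# from the same PEM always agree here, whatever their #hash values are.
def cert_fingerprint(cert)
  OpenSSL::Digest::SHA256.hexdigest(cert.to_der)
end

# Deduplicate by content rather than by Array#uniq's default comparison.
def unique_certs(certs)
  certs.uniq { |cert| cert_fingerprint(cert) }
end

# Wraps a store and remembers what it has loaded, so a repeated load into
# the same object (as when set_default_paths runs again) is a no-op.
class TrackedStore
  attr_reader :store

  def initialize
    @store  = OpenSSL::X509::Store.new
    @loaded = {}
  end

  # Returns how many certificates were newly added by this call.
  def add_all(certs)
    added = 0
    certs.each do |cert|
      fp = cert_fingerprint(cert)
      next if @loaded[fp]
      begin
        @store.add_cert(cert)
        added += 1
      rescue OpenSSL::X509::StoreError => e
        # Assumption: older OpenSSL builds reject a duplicate with this
        # message; newer builds accept it silently. Anything else is real.
        raise unless e.message.include?('cert already in hash table')
      end
      @loaded[fp] = true
    end
    added
  end
end

if __FILE__ == $PROGRAM_NAME
  pem = make_sample_cert('Constructed Sample Root').to_pem
  # The same certificate as seen through two physical stores (machine + user).
  merged = [OpenSSL::X509::Certificate.new(pem), OpenSSL::X509::Certificate.new(pem)]
  puts "merged: #{merged.size}, unique by DER: #{unique_certs(merged).size}"
  tracked = TrackedStore.new
  puts "first load added #{tracked.add_all(merged)}, second load added #{tracked.add_all(merged)}"
end
```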
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti commented on PUP-5588
Setting up validation in Windows for Azure;
Windows
Clone the repo
Add the following to gemfile.local

    gem 'fuubar'
    if RUBY_VERSION == "1.8.7"
      gem 'debugger'
    elsif RUBY_VERSION =~ /^2\./
      gem "pry-byebug"
    else
      gem "pry-debugger"
    end
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti assigned an issue to Glenn Sarti
Change By: Glenn Sarti
Assignee: Ethan Brown Glenn Sarti
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ethan Brown commented on PUP-5588
Failed review - messages are still emitted. More detail coming
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Steve Barlow updated an issue
Change By: Steve Barlow
Sprint: Windows 2016-04-06 , Windows 2016-04-20
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ryan Gard assigned an issue to Ethan Brown
Change By: Ryan Gard
Assignee: Ryan Gard Ethan Brown
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ryan Gard updated an issue
Change By: Ryan Gard
QA Risk Assessment: Medium
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ryan Gard updated an issue
Change By: Ryan Gard
QA Status: Reviewed
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ryan Gard updated an issue
Change By: Ryan Gard
QA Contact: Ryan Gard
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti assigned an issue to Ryan Gard
Change By: Glenn Sarti
Assignee: qa Ryan Gard
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti assigned an issue to qa
Change By: Glenn Sarti
Status: Ready for CI Test
Assignee: Glenn Sarti qa
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti commented on PUP-5588
Artifacts available at; http://builds.puppetlabs.lan/puppet-agent/d4f82e31005ec730bf2fc51cc9c996f11f3908b1/artifacts/windows/
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti commented on PUP-5588
Merged into master at; https://github.com/puppetlabs/puppet/commit/5e6bc65d7c4f0b76aa5a2aa925b57487c0de76e3
Pending build
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ethan Brown commented on PUP-5588
Another validation for this ticket is to use the Azure module on Windows. I believe running any manifest on Windows will stream many of these cert warnings.
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Glenn Sarti assigned an issue to Glenn Sarti
Change By: Glenn Sarti
Assignee: Glenn Sarti
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ethan Brown updated an issue
Change By: Ethan Brown
Sprint: Windows 2016-04- 20 06
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Ethan Brown updated an issue
Change By: Ethan Brown
Fix Version/s: PUP 4.5.0
Fix Version/s: PUP 4.4.2
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Steve Barlow updated an issue
Change By: Steve Barlow
Sprint: Windows Triage 2016-04-20
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Josh Cooper updated an issue
Change By: Josh Cooper
Fix Version/s: PUP 4.5.0
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Josh Cooper updated an issue
Change By: Josh Cooper
Story Points: 1
Sprint: Windows Triage
Scrum Team: Windows
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Reid Vandewiele updated an issue
Change By: Reid Vandewiele
We monkey patch OpenSSL::X509::Store#set_default_paths to load our own additional certs. Specifically in the case of code that uses Net::HTTP, however, the monkey patch can be invoked multiple times, and on the second and subsequent invocations the cert(s) are already loaded into the object. This causes a warning to print very verbosely, obscuring useful output. Puppet faces or extensions that use Net::HTTP or open-uri can trigger these superfluous warnings.
Jira (PUP-5588) Monkey patch attempts to load same certs into OpenSSL::X509::Store objects multiple times
Reid Vandewiele created an issue
Issue Type: Bug
Assignee: Unassigned
Created: 2015/12/08 12:23 PM
Priority: Normal
Reporter: Reid Vandewiele
We monkey patch OpenSSL::X509::Store#set_default_paths to load our own additional certs. Specifically in the case of code that uses Net::HTTP, however, the monkey patch is invoked multiple times, and on the second and subsequent invocations the cert(s) are already loaded into the object. This causes a warning to print very verbosely, obscuring useful output.