Issue #18978 has been updated by Matthaus Owens.
Released in Puppet 3.2.0-rc1 ---------------------------------------- Bug #18978: Puppet windows agents can't authenticate third-party SSL servers https://projects.puppetlabs.com/issues/18978#change-89559 * Author: Josh Cooper * Status: Closed * Priority: Normal * Assignee: * Category: * Target version: 3.2.0 * Affected Puppet version: 2.7.6 * Keywords: ssl windows * Branch: https://github.com/puppetlabs/puppet/pull/1439 ---------------------------------------- On *nix, the method `OpenSSL::X509::Store#set_default_paths` enables openssl to load root certificates from the system default locations, e.g. cacerts. This enables puppet agents to connect to and authenticate SSL servers that are not the puppetmaster, such as forge.puppetlabs.com. It also applies to SSL connections that the puppetmaster makes, e.g. SSL database connections. However, on windows, the call to `set_default_paths` doesn't do anything. A patch was submitted to ruby for this <http://bugs.ruby-lang.org/issues/show/2586> but rejected as it's an openssl issue. A patch was submitted to openssl <https://groups.google.com/d/topic/mailing.openssl.dev/6xi1itn7nks/discussion> but nothing has become of it. See also puppet-dev discussion <https://groups.google.com/d/topic/puppet-dev/9mxjmHiFGgc/discussion> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-bugs+unsubscr...@googlegroups.com. To post to this group, send email to puppet-bugs@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.