The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

Bug #13957

puppetca revoke doesn't work as advertised

Added by konrad rzentarzewski over 2 years ago. Updated almost 2 years ago.

Status:DuplicateStart date:04/16/2012
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:SSL
Target version:-
Affected Puppet version:2.7.13 Branch:
Keywords:

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com

This issue is currently not available for export. If you are experiencing the issue described below, please file a new ticket in JIRA. Once a new ticket has been created, please add a link to it that points back to this Redmine ticket.


Description

<1>root@punch(1)~$ puppetca --revoke 0x009f err: Could not call revoke: Could not find a serial number for 0x009f <1>root@punch(2)~$ puppetca --revoke 0x9f err: Could not call revoke: Could not find a serial number for 0x9f <1>root@punch(3)~$ puppetca --revoke 159 err: Could not call revoke: Could not find a serial number for 159 <1>root@punch(4)~$ grep 0x009f /var/lib/puppet/ssl/ca/inventory.txt 0x009f 2010-05-09T22:22:40GMT 2015-05-08T22:22:40GMT /CN=test.non.3dart.com <3>root@punch(5)~$ puppetca --help [snip] * revoke: Revoke the certificate of a client. The certificate can be specified either by its serial number (given as a decimal number or a hexadecimal number prefixed by '0x') or by its hostname. The certificate is revoked by adding it to the Certificate Revocation List given by the 'cacrl' configuration option. Note that the puppet master needs to be restarted after revoking certificates. [snip]

puppet-2.7.13-13957.patch Magnifier (922 Bytes) konrad rzentarzewski, 04/16/2012 10:00 am


Related issues

Duplicated by Puppet - Bug #16798: CA SSL certificate revoke doesn't allow specification by ... Closed 10/05/2012

History

#1 Updated by konrad rzentarzewski over 2 years ago

<1>root@punch(1)~$ puppetca --revoke 0x009f
err: Could not call revoke: Could not find a serial number for 0x009f
<1>root@punch(2)~$ puppetca --revoke 0x9f
err: Could not call revoke: Could not find a serial number for 0x9f
<1>root@punch(3)~$ puppetca --revoke 159
err: Could not call revoke: Could not find a serial number for 159
<1>root@punch(4)~$ grep 0x009f /var/lib/puppet/ssl/ca/inventory.txt 
0x009f 2010-05-09T22:22:40GMT 2015-05-08T22:22:40GMT /CN=test.non.3dart.com
<3>root@punch(5)~$ puppetca --help
[snip]
* revoke:
Revoke the certificate of a client. The certificate can be specified
either by its serial number (given as a decimal number or a
hexadecimal number prefixed by '0x') or by its hostname. The
certificate is revoked by adding it to the Certificate Revocation List
given by the 'cacrl' configuration option. Note that the puppet master
needs to be restarted after revoking certificates.
[snip]

#2 Updated by konrad rzentarzewski over 2 years ago

the following patch fixed the problem.

#3 Updated by Kelsey Hightower over 2 years ago

  • Status changed from Unreviewed to Needs More Information
  • Assignee set to konrad rzentarzewski

Konrad,

Thanks for the patch, do you mind submitting a pull request following our development process? It would make it a lot easier to give the patch a proper review.

#4 Updated by konrad rzentarzewski over 2 years ago

  • Status changed from Needs More Information to In Topic Branch Pending Review
  • Assignee changed from konrad rzentarzewski to Kelsey Hightower

if i understand github inner workings correctly it should be available for merge in master.

https://github.com/puppetlabs/puppet/pull/678

#5 Updated by Kelsey Hightower about 2 years ago

  • Assignee deleted (Kelsey Hightower)

#6 Updated by Jeff McCune almost 2 years ago

  • Status changed from In Topic Branch Pending Review to Duplicate

Duplicate issue

I know this issue is the older issue, but the pull request associated with #16798 “won out” because it contains test coverage. I’m going to mark this issue as a duplicate of #16798. We definitely accept this as a bug and will be working to fix this issue. Please mark yourself as a watcher of #16798 to receive updates regarding the progress of this issue.

-Jeff

Also available in: Atom PDF