The Puppet Labs Issue Tracker has Moved: https://tickets.puppetlabs.com

This issue tracker is now in read-only archive mode and automatic ticket export has been disabled. Redmine users will need to create a new JIRA account to file tickets using https://tickets.puppetlabs.com. See the following page for information on filing tickets with JIRA:

Bug #9205

CRL only consulted for plugins and reports?

Added by Digant Kasundra over 4 years ago. Updated over 4 years ago.

Status:DuplicateStart date:08/25/2011
Priority:UrgentDue date:
Assignee:-% Done:

0%

Category:SSL
Target version:-
Affected Puppet version:2.6.8 Branch:
Keywords:CRL

We've Moved!

Ticket tracking is now hosted in JIRA: https://tickets.puppetlabs.com


Description

(Might be related to #9118)

We came across this in a weird way. Last night we reissued the CA certificate, which had expired. We then reissued the puppetmaster and puppetca certificate (which we had to do for RHEL4 and RHEL5 but all other systems were happy without this step). We then noticed on RHEL4 and RHEL5 that they were still complaining about cert validation, but ONLY for getting plugins and sending the report (it got a catalog and was able to get files for modules, etc, just fine). We did an strace and found this was the only times it was trying to get a CRL (and was failing). Why is this the only time the CRL was in play?


Related issues

Duplicates Puppet - Bug #9118: Puppet client does not update and does consult the crl du... Accepted 08/18/2011

History

#1 Updated by James Turnbull over 4 years ago

  • Category set to SSL
  • Status changed from Unreviewed to Needs More Information
  • Assignee set to Digant Kasundra

Digant – what version is this?

#2 Updated by James Turnbull over 4 years ago

  • Keywords set to CRL

#3 Updated by Digant Kasundra over 4 years ago

The clients were 2.6.8.

#4 Updated by Digant Kasundra over 4 years ago

  • Assignee changed from Digant Kasundra to James Turnbull

#5 Updated by James Turnbull over 4 years ago

  • Status changed from Needs More Information to Accepted
  • Assignee deleted (James Turnbull)
  • Affected Puppet version set to 2.6.8

#6 Updated by Nigel Kersten over 4 years ago

  • Status changed from Accepted to Duplicate
  • Priority changed from Normal to Urgent
  • Target version set to 2.7.x

We clearly need to be consulting the CRL for all actions that require authentication.

Closing as a dupe of #9118, with this description included.

#7 Updated by James Turnbull over 4 years ago

  • Target version deleted (2.7.x)

Also available in: Atom PDF