(PUP-11856) State machine renews host cert #9075

Merged


mhashizume
Contributor

This commit adds a new NeedRenewedCert class and related logic to the state machine to handle automatic host/client certificate renewal.

@mhashizume mhashizume force-pushed the PUP-11856/main/state-machine-renew branch 2 times, most recently from de3d44e to 86b02e7 Compare June 27, 2023 00:02
@mhashizume mhashizume force-pushed the PUP-11856/main/state-machine-renew branch 3 times, most recently from 823cfbf to c317f95 Compare June 27, 2023 21:21
@mhashizume mhashizume marked this pull request as ready for review June 27, 2023 21:26
@mhashizume mhashizume requested a review from a team as a code owner June 27, 2023 21:26
@mhashizume mhashizume force-pushed the PUP-11856/main/state-machine-renew branch from c317f95 to 5396d4e Compare June 27, 2023 22:23
@mhashizume mhashizume force-pushed the PUP-11856/main/state-machine-renew branch from 5396d4e to 1a50213 Compare June 27, 2023 22:52
This commit adds a new NeedRenewedCert class and related logic to the
state machine to handle automatic host/client certificate renewal.

Previously, the build_cert method in Puppet::TestCa needed special logic
for the Elliptical Curve class: ruby/openssl#29

This issue was resolved in OpenSSL 2.0, which was released in 2016,
meaning that all versions of Ruby that Puppet supports include
Ruby/OpenSSL >= 2.0.

This commit removes special logic for EC in Puppet::TestCa.

This commit does three things:

- Update the CA library to enable reusing an SSL private key when
  generating a certificate;
- Enable the certificate generating Rake task to generate a new
  "renewed" certificate to support testing automatic certificate
  renewal;
- Regenerate all of the SSL test fixtures using that Rake task.
@mhashizume mhashizume force-pushed the PUP-11856/main/state-machine-renew branch from 1a50213 to c5370df Compare June 27, 2023 22:58
@mhashizume mhashizume merged commit 0b9e1ac into puppetlabs:main Jun 27, 2023
9 checks passed
@mhashizume mhashizume deleted the PUP-11856/main/state-machine-renew branch June 27, 2023 23:51
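
The third commit message describes issuing a "renewed" certificate that reuses the host's existing private key. The sketch below shows what such a fixture pair looks like using Ruby's standard OpenSSL bindings; it is an added example, not code from this pull request or from Puppet::TestCa, and `build_cert`, `demo_renewal`, the subject names, serials and validity windows are all constructed for illustration.

```ruby
require 'openssl'

DIGEST = 'SHA256'

# Build and sign a certificate for `key` (hypothetical helper, not Puppet's).
# Pass issuer_cert = nil to produce a self-signed certificate.
def build_cert(subject_cn, key, issuer_cert, issuer_key, serial:, not_after:, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{subject_cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key # only the public half is embedded in the certificate
  cert.not_before = Time.now - 60
  cert.not_after = not_after
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new(DIGEST))
end

# Issue an original and a renewed certificate for the same EC key pair and
# report which properties a renewal changes and which it preserves.
def demo_renewal
  ca_key = OpenSSL::PKey::EC.generate('prime256v1')
  ca_cert = build_cert('Example Test CA', ca_key, nil, ca_key,
                       serial: 1, not_after: Time.now + 86_400, ca: true)
  host_key = OpenSSL::PKey::EC.generate('prime256v1')
  original = build_cert('agent.example.test', host_key, ca_cert, ca_key,
                        serial: 2, not_after: Time.now + 3_600)
  renewed = build_cert('agent.example.test', host_key, ca_cert, ca_key,
                       serial: 3, not_after: Time.now + 7_200)
  {
    same_subject: original.subject.to_s == renewed.subject.to_s,
    same_public_key: original.public_key.to_der == renewed.public_key.to_der,
    key_matches_renewed: renewed.check_private_key(host_key),
    serial_changed: original.serial.to_i != renewed.serial.to_i,
    expiry_extended: renewed.not_after > original.not_after,
    signed_by_ca: renewed.verify(ca_key)
  }
end

p demo_renewal if __FILE__ == $PROGRAM_NAME
```

Because the key is reused, only the serial and validity window differ between the two certificates; the key pair itself is not rotated.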