Comments (4)
raphink
commented on June 23, 2024
@cjeanneret care to comment on that?
from puppet-openssl.
lathiat
commented on June 23, 2024
Pull request for this above, this change is working for me.
I was trying to write a test to verify this behaviour, however as it is handled inside the openssl binary we can't simply trap the existing calls as best I can tell. I'd need to re-open the file and verify the signature, and it was not clear for me how to do this.
If someone can guide me to running a command and verifying the output I'd gladly add it in.
Example verification:
openssl req -in subject.csr -noout -text|grep "Signature Algorithm"
Signature Algorithm: sha256WithRSAEncryption
In the mean time if you want to work around this issue, you can simply clone cert.cnf.erb into your module/manifest, and then pass cnf_tpl to openssl::certificate::x509
from puppet-openssl.
cjeanneret
commented on June 23, 2024
No real meaning for a unit-test on this particular point. It might have been a variable though, but enforcing good practices is better.
I'm pretty sure this kind of test cannot be done as a "standard unit-test", but with an acceptance test, where puppet is really applied, creating files and so on so that we can check them "in place". Basically, the acceptance test would call ruby native SSL lib in order to get certificate info. Maybe a bit overkill in this case ;).
from puppet-openssl.
lathiat
commented on June 23, 2024
Thanks for merging, and the notes about the test.
from puppet-openssl.
Related Issues (20)
- Wrong variable type in template HOT 7
- 1.13.0 introduced bug in `openssl::export::pkcs12` HOT 1
- RFE: Allow DER certs to be converted to PEM format HOT 1
- openssl pkcs12 export leaks password
- PKCS12 export not rebuit when inputs change
- PKCS12 export lists out_pass as optional when it isn't
- openssl_version fact resolves to nil HOT 1
- feature request: function to read certificate expiration date
- feature request: support for fullchain certificate stores
- openssl_version fact resolves to nil HOT 1
- feature request: manage certificate authority and allow signing certs with a CA
- feature request: make keys and certificates exportable HOT 1
- Bug/Maintenance in/for configuration templates HOT 1
- Move on from puppet6
- Replace expired certificate? HOT 1
- Dead code
- Regenerate dhparams if the key size has changed HOT 2
- ssl_pkey should default to ensure=>present HOT 2
- ssl_pkey file permissions should default to 0600 and should be changeable HOT 3
- Add ability to specify IP subject alternate names HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from puppet-openssl.