diff --git a/lib/puppet/ssl/ssl_provider.rb b/lib/puppet/ssl/ssl_provider.rb
index 064d04d145c..91c47826d65 100644
--- a/lib/puppet/ssl/ssl_provider.rb
+++ b/lib/puppet/ssl/ssl_provider.rb
@@ -107,7 +107,7 @@ def create_system_context(cacerts:, path: Puppet[:ssl_trust_store])
 #
 # @param cacerts [Array] Array of trusted CA certs
 # @param crls [Array] Array of CRLs
- # @param private_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] client's private key
+ # @param private_key [OpenSSL::PKey::PKey] client's private key
 # @param client_cert [OpenSSL::X509::Certificate] client's cert whose public
 # key matches the `private_key`
 # @param revocation [:chain, :leaf, false] revocation mode
@@ -126,10 +126,6 @@ def create_context(cacerts:, crls:, private_key:, client_cert:, revocation: Pupp store = create_x509_store(cacerts, crls, revocation) client_chain = verify_cert_with_store(store, client_cert) - if !private_key.is_a?(OpenSSL::PKey::RSA) && !private_key.is_a?(OpenSSL::PKey::EC) - raise Puppet::SSL::SSLError, _("Unsupported key '%{type}'") % { type: private_key.class.name } - end - unless client_cert.check_private_key(private_key) raise Puppet::SSL::SSLError, _("The certificate for '%{name}' does not match its private key") % { name: subject(client_cert) } end
@@ -178,7 +174,7 @@ def load_context(certname: Puppet[:certname], revocation: Puppet[:certificate_re
 # of the private key, and that it hasn't been tampered with since.
 #
 # @param csr [OpenSSL::X509::Request] certificate signing request
- # @param public_key [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] public key
+ # @param public_key [OpenSSL::PKey::PKey] public key
 # @raise [Puppet::SSL:SSLError] The private_key for the given `public_key` was
 # not used to sign the CSR.
 # @api private
diff --git a/lib/puppet/x509/cert_provider.rb b/lib/puppet/x509/cert_provider.rb
index 811c9ec13b9..738ecb9c0ac 100644
--- a/lib/puppet/x509/cert_provider.rb
+++ b/lib/puppet/x509/cert_provider.rb
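Review bot: With the `is_a?` RSA/EC guard removed from create_context and its doc widened to `@param private_key [OpenSSL::PKey::PKey]`, neither the comment nor the code says what a caller gets when the argument is not a key object at all, for example nil. Before this change every such value was rejected with `Puppet::SSL::SSLError`. Now it reaches the remaining `client_cert.check_private_key(private_key)` call directly, which presumably fails with a different exception class, so callers that rescue only SSLError may no longer catch it. I would keep a base-class guard, `raise Puppet::SSL::SSLError, _("Unsupported key '%{type}'") % { type: private_key.class.name } unless private_key.is_a?(OpenSSL::PKey::PKey)`, and add a doc line such as `# @raise [Puppet::SSL::SSLError] if the key is not a PKey or does not match client_cert`. The body of create_context starts and ends outside the visible hunks.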
@@ -150,7 +150,7 @@ def crl_last_update=(time)
 # historical reasons, names are case insensitive.
 #
 # @param name [String] The private key identity
- # @param key [OpenSSL::PKey::RSA] private key
+ # @param key [OpenSSL::PKey::PKey] private key
 # @param password [String, nil] If non-nil, derive an encryption key
 # from the password, and use that to encrypt the private key. If nil,
 # save the private key unencrypted.
@@ -200,7 +200,7 @@ def load_private_key(name, required: false, password: nil)
 # @param password [String, nil] If the private key is encrypted, decrypt
 # it using the password. If the key is encrypted, but a password is
 # not specified, then the key cannot be loaded.
- # @return [OpenSSL::PKey::RSA, OpenSSL::PKey::EC] The private key
+ # @return [OpenSSL::PKey::PKey] The private key
 # @raise [OpenSSL::PKey::PKeyError] The `pem` text does not contain a valid key
 #
 # @api private
@@ -271,7 +271,7 @@ def load_client_cert_from_pem(pem)
 # Create a certificate signing request (CSR).
 #
 # @param name [String] the request identity
- # @param private_key [OpenSSL::PKey::RSA] private key
+ # @param private_key [OpenSSL::PKey::PKey] private key
 # @return [Puppet::X509::Request] The request
 #
 # @api private