(PIE-818) Allow Ignore System Certificate Store #137

Merged

Conversation

RandomNoun7
Contributor

This change allows a user to provide a CA certificate file that
overrides the system trusted certificate store entirely.

Prior to this change, a CA certificate file provided to the `ssl_ca`
parameter was only a supplement to the system certificate store. This
could cause an issue where the system certificate store contained
invalid certificates and would cause certificate validation of the
splunk_hec endpoint to fail before the provided `ssl_ca` file was
checked.

This change fixes that bug by ensuring that only the provided file is
used for verification.

Summary

Detailed Description

Checklist

[ ] Draft PR?
[ ] Ensure README is updated
[ ] Any changes to existing documentation
[ ] Anything new added
[ ] Link to external Puppet documentation
[ ] Review Support Playbook for any needed updates
[ ] Tags
[ ] Unit Tests
[ ] Acceptance Tests
[ ] PR title is "(Ticket|Maint) Short Description"
[ ] Commit title matches PR title

@RandomNoun7 RandomNoun7 requested a review from a team as a code owner August 12, 2021 19:18
@puppet-community-rangefinder

splunk_hec is a class that may have no external impact to Forge modules.

This module is declared in 2 of 578 indexed public Puppetfiles.


These results were generated with Rangefinder, a tool that helps predict the downstream impact of breaking changes to elements used in Puppet modules. You can run this on the command line to get a full report.

Exact matches are those that we can positively identify via namespace and the declaring modules' metadata. Non-namespaced items, such as Puppet 3.x functions, will always be reported as near matches only.

@RandomNoun7 RandomNoun7 force-pushed the PIE-818-ignore-system-cert-store branch from 9bfe375 to 1044ab8 Compare August 20, 2021 17:56
@nam054 nam054 merged commit 4584d3e into puppetlabs:main Aug 20, 2021
@RandomNoun7 RandomNoun7 deleted the PIE-818-ignore-system-cert-store branch August 20, 2021 20:02
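
The difference between a CA file that supplements the system store and one that replaces it, as an added Ruby illustration that is not code from this pull request or from the module. `build_store`, its `exclusive:` and `system_bundle:` arguments, the certificate names and `hec.example.test` are assumptions made for the example; the throwaway PKI is constructed in memory, and `system_bundle` stands in for the system store so the result is deterministic.

```ruby
require 'openssl'
require 'tempfile'

# Constructed throwaway PKI: a self-signed CA when issuer is nil, else a leaf.
def make_cert(cn, issuer = nil, issuer_key = nil)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = issuer ? 2 : 1
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Hypothetical helper. exclusive: true trusts ca_file only; exclusive: false
# adds ca_file on top of the system store. system_bundle is a stand-in for the
# system store (assumption for this demo); nil loads the real default paths.
def build_store(ca_file, exclusive:, system_bundle: nil)
  store = OpenSSL::X509::Store.new
  unless exclusive
    system_bundle ? store.add_file(system_bundle) : store.set_default_paths
  end
  store.add_file(ca_file)
  store
end

def write_pem(cert)
  file = Tempfile.new(['ca', '.pem'])
  file.write(cert.to_pem)
  file.flush
  file
end

# Returns [accepts cert from pinned CA, accepts cert from "system" CA] per mode.
def trust_comparison
  pinned_ca, pinned_key = make_cert('Constructed Pinned CA')
  system_ca, system_key = make_cert('Constructed System CA')
  hec_cert, = make_cert('hec.example.test', pinned_ca, pinned_key)
  other_cert, = make_cert('hec.example.test', system_ca, system_key)
  pinned, sys = write_pem(pinned_ca), write_pem(system_ca)
  supplement = build_store(pinned.path, exclusive: false, system_bundle: sys.path)
  exclusive = build_store(pinned.path, exclusive: true)
  { supplement: [supplement.verify(hec_cert), supplement.verify(other_cert)],
    exclusive: [exclusive.verify(hec_cert), exclusive.verify(other_cert)] }
end
```

In supplement mode any CA in the system store can vouch for the endpoint; in exclusive mode only the CA in the provided file can, so the outcome no longer depends on what the system store contains.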