voxpupuli / puppet-archive

Compressed archive file download and extraction with native types/providers for Windows and Unix
https://forge.puppet.com/puppet/archive
Apache License 2.0

Use ssl_trust_store from puppet.conf on Windows #467

Open southalc opened 2 years ago

southalc commented 2 years ago

Pull Request (PR) description

The Windows Puppet agent fails to download archive resources due to SSL validation failure when the "source" is using a certificate issued by a private CA. The failure occurs even when the Puppet agent is configured with a custom "ssl_trust_store" that contains the CA chain.

This patch changes the Windows download behavior by defining the following order for the SSL trust store:

  1. The "ssl_trust_store" setting from the "agent" section of "puppet.conf"
  2. The "SSL_CERT_FILE" value from the runtime environment
  3. The module-bundled ".pem" file as a last resort

This Pull Request (PR) fixes the following issues

Fixes issue reported at: https://tickets.puppetlabs.com/browse/PUP-11349
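
The trust store precedence listed in the description, written as a side-effect-free Ruby function that can be unit-tested without opening an SSL connection. This is an added example, not code from the pull request or the module; the helper names, the minimal puppet.conf parsing and the rule that an unset or unreadable candidate is skipped are assumptions.

```ruby
require 'tmpdir'

# Hypothetical helper: read one key from one section of a puppet.conf-style file.
def puppet_conf_setting(conf_path, section, key)
  return nil unless conf_path && File.file?(conf_path)
  current = nil
  File.foreach(conf_path) do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A\[(\w+)\]\z/))
      current = m[1]
    elsif current == section && (m = line.match(/\A(\w+)\s*=\s*(.*)\z/)) && m[1] == key
      return m[2].strip
    end
  end
  nil
end

# Assumption: a candidate counts only if it is a readable file with a PEM certificate block.
def usable_pem?(path)
  return false if path.nil? || path.empty?
  File.file?(path) && File.readable?(path) &&
    File.read(path).include?('-----BEGIN CERTIFICATE-----')
end

# Returns [source, path] for the first usable store, in the order the PR lists,
# so the caller can log which trust anchor set is actually in effect.
def select_trust_store(conf_path:, env:, bundled_pem:)
  candidates = [
    [:puppet_conf, puppet_conf_setting(conf_path, 'agent', 'ssl_trust_store')],
    [:ssl_cert_file, env['SSL_CERT_FILE']],
    [:bundled, bundled_pem]
  ]
  chosen = candidates.find { |_source, path| usable_pem?(path) }
  raise ArgumentError, 'no usable CA trust store found' unless chosen
  chosen
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    # Constructed sample files; the PEM body is a placeholder, not a real CA.
    pem = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    ca = File.join(dir, 'private-ca.pem')
    conf = File.join(dir, 'puppet.conf')
    File.write(ca, pem)
    File.write(conf, "[agent]\nssl_trust_store = #{ca}\n")
    p select_trust_store(conf_path: conf, env: ENV, bundled_pem: File.join(dir, 'cacert.pem'))
  end
end
```

Returning the source alongside the path makes it visible when a misconfigured "ssl_trust_store" causes a fall-through to a broader CA bundle than intended.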

southalc commented 2 years ago

Checking in on this pull request. I noticed the "needs-tests" label was added, but it doesn't look like the current implementation has any unit tests for SSL connections. This change maintains the current behavior and only enables an override of the default SSL trust file used by the Windows agent. What are we looking for in tests?