Open southalc opened 2 years ago
Checking in on this pull request. I noticed the "needs-tests" label was added, but it doesn't look like the current implementation has any unit tests for SSL connections. This change maintains the current behavior and only enables an override of the default SSL trust file used by the Windows agent. What are we looking for in tests?
Pull Request (PR) description
The Windows Puppet agent fails to download archive resources due to SSL validation failure when the "source" is using a certificate issued by a private CA. The failure occurs even when the Puppet agent is configured with a custom "ssl_trust_store" that contains the CA chain.
This patch changes the Windows download behavior by defining the following order for the SSL trust store:
This Pull Request (PR) fixes the following issues
Fixes issue reported at: https://tickets.puppetlabs.com/browse/PUP-11349