voxpupuli / puppet-openssl

Puppet OpenSSL module
Apache License 2.0

use private key when creating x509 cert #170

Closed James-Allenby closed 3 months ago

James-Allenby commented 1 year ago

Pull Request (PR) description

Fixes usage of openssl::certificate::x509 where the private key was not passed into OpenSSL correctly. This could collide with L83 in lib/puppet/provider/x509_cert/openssl.rb but I don't have time to test this use case.

zilchms commented 9 months ago

Sorry to get back to this so late.

Why would you want to pass the key parameter when you are already passing the csr parameter? My understanding is that we have 2 cases here:

  1. legacy code; we directly pass a private key and generate a CSR on the fly (I kept this in, since removing it would break a lot of old installations)
  2. new code; we pass a CSR (which should contain a valid path to a private key), then we don't need to pass in a key to generate a certificate

Am I wrong there? Do you see this differently? Additionally: if we want to pass the private key separately as a parameter in addition to the CSR, we should always do so and not only when we don't sign against a CA certificate.
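As an added example (not code from puppet-openssl or from this PR), the two flows listed above reproduced with the plain openssl CLI, followed by the check a reviewer would want on the result: that the issued certificate's public key really derives from the private key that was supposed to be used, and that a CA-signed leaf chains to its CA. The legacy flow is where a key that never reaches OpenSSL shows up, so the check is the one that catches that class of mistake. The script assumes `openssl` is on PATH; subject names and file names are constructed for the demo.

```shell
#!/bin/sh
# Added example, not code from the puppet-openssl module: the two OpenSSL
# flows the thread distinguishes, run in a throwaway directory.
# Assumes the openssl CLI is on PATH; subject names are constructed.
set -eu

command -v openssl >/dev/null 2>&1 || { echo "openssl not found, skipping"; exit 0; }

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Returns 0 only when the certificate's public key is the one derived from the
# given private key, i.e. that key really was used when the cert was issued.
key_matches_cert() {
  a=$(openssl pkey -in "$1" -pubout 2>/dev/null | openssl sha256)
  b=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null | openssl sha256)
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Case 1 (legacy): only a private key is given; the CSR is built on the fly
# and the certificate is self-signed with that same key.
case1_from_key() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/k1.pem" 2>/dev/null
  openssl req -new -key "$work/k1.pem" -subj "/CN=case1.example" -out "$work/c1.csr" 2>/dev/null
  openssl x509 -req -in "$work/c1.csr" -signkey "$work/k1.pem" -days 1 -out "$work/c1.crt" 2>/dev/null
  key_matches_cert "$work/k1.pem" "$work/c1.crt"
}

# Case 2 (new): a CSR already exists and is signed against a CA. The CA key is
# the signing key; the subject's key only enters through the CSR it signed.
case2_from_csr() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/ca.key" 2>/dev/null
  openssl req -x509 -new -key "$work/ca.key" -subj "/CN=demo-ca" -days 1 -out "$work/ca.crt" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$work/k2.pem" 2>/dev/null
  openssl req -new -key "$work/k2.pem" -subj "/CN=case2.example" -out "$work/c2.csr" 2>/dev/null
  openssl x509 -req -in "$work/c2.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" -CAcreateserial \
    -days 1 -out "$work/c2.crt" 2>/dev/null
  # The issued cert must carry the CSR's key and must chain to the CA.
  key_matches_cert "$work/k2.pem" "$work/c2.crt" &&
    openssl verify -CAfile "$work/ca.crt" "$work/c2.crt" >/dev/null 2>&1
}

# Negative check: the CA key is not the leaf's key, so a leaf issued with the
# wrong key would fail key_matches_cert rather than pass silently.
ca_key_is_not_leaf_key() {
  ! key_matches_cert "$work/ca.key" "$work/c2.crt"
}

case1_from_key && echo "case 1 ok: self-signed cert matches the supplied key"
case2_from_csr && echo "case 2 ok: CA-signed cert matches the CSR key and chains to the CA"
ca_key_is_not_leaf_key && echo "CA key is distinct from the leaf key"
```

The `key_matches_cert` comparison (SPKI of the private key against the SPKI embedded in the certificate) is the same check that catches a certificate resource that was created from the wrong key, whichever of the two parameter styles the module is invoked with.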

James-Allenby commented 7 months ago

It's been some time since I worked on this at my job, but I believe this code change was for the first use case you mentioned. Without the change, Puppet happily attempts to create a certificate with OpenSSL but will error because no key was specified.

ekohl commented 3 months ago

#186 was merged.