Closed James-Allenby closed 3 months ago
Sorry to get back to this so late.
Why would you want to pass the key parameter when you are already passing the csr parameter? My understanding is that we have 2 cases here:
Am i wrong there? Do you see this differently? Additionally: If we want to pass the private key separately as parameter in addition to the csr, we should always do so and not only when we dont sign against a CA certificate
It's been some time since I worked on this at my job but I believe this code change was for the first use case you mentioned. Without the change, puppet happily attempt to create a certificate with OpenSSL but will error because no key was specified.
Pull Request (PR) description
Fixes usage of
openssl::certificate::x509
where the private key was not passed into OpenSSL correctly. This could collide with L83 inlib/puppet/provider/x509_cert/openssl.rb
but I don't have time to test this use case.