voxpupuli / puppet-openssl

Puppet OpenSSL module
Apache License 2.0

Fix config template issues and add some improvements #179

Closed rtib closed 5 months ago

rtib commented 7 months ago

Pull Request (PR) description

Some bugfixes and improving refactoring.

This Pull Request (PR) fixes the following issues

- Fixes config template issue which partly fixes #178
- Improves transparency of default values of openssl::certificate::x509
- Makes DN attributes optional, moving the API towards RFC5280

rtib commented 7 months ago

This PR, also embracing #177, is fixing only the first part of #178, but leaves the second part open and still producing the issue:

Info: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[hostcert]/X509_request[/etc/ssl/certs/hostcert.csr]: Scheduling refresh of X509_cert[/etc/ssl/certs/hostcert.crt]
Error: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/hostcert.csr -out /etc/ssl/certs/hostcert.crt -extfile /etc/ssl/certs/hostcert.cnf' returned 1: Error Loading extension section default
139636029801792:error:22097082:X509 V3 routines:do_ext_nconf:unknown extension name:../crypto/x509v3/v3_conf.c:78:
139636029801792:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=HOME, value=.
Error: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[hostcert]/X509_cert[/etc/ssl/certs/hostcert.crt]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/hostcert.csr -out /etc/ssl/certs/hostcert.crt -extfile /etc/ssl/certs/hostcert.cnf' returned 1: Error Loading extension section default
139636029801792:error:22097082:X509 V3 routines:do_ext_nconf:unknown extension name:../crypto/x509v3/v3_conf.c:78:
139636029801792:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=HOME, value=. (corrective)
Error: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[hostcert]/X509_cert[/etc/ssl/certs/hostcert.crt]: Failed to call refresh: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/hostcert.csr -out /etc/ssl/certs/hostcert.crt -extfile /etc/ssl/certs/hostcert.cnf' returned 1: Error Loading extension section default
140650929960256:error:22097082:X509 V3 routines:do_ext_nconf:unknown extension name:../crypto/x509v3/v3_conf.c:78:
140650929960256:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=HOME, value=.
Error: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[hostcert]/X509_cert[/etc/ssl/certs/hostcert.crt]: Execution of '/usr/bin/openssl x509 -req -days 365 -in /etc/ssl/certs/hostcert.csr -out /etc/ssl/certs/hostcert.crt -extfile /etc/ssl/certs/hostcert.cnf' returned 1: Error Loading extension section default
140650929960256:error:22097082:X509 V3 routines:do_ext_nconf:unknown extension name:../crypto/x509v3/v3_conf.c:78:
140650929960256:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:../crypto/x509v3/v3_conf.c:47:name=HOME, value=.
Notice: /Stage[main]/Roles_test::Cert/Openssl::Certificate::X509[hostcert]/File[/etc/ssl/certs/hostcert.crt]: Dependency X509_cert[/etc/ssl/certs/hostcert.crt] has failures: true

I'd suggest addressing this in a separate PR.
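The log above shows `openssl x509 -extfile` reading the section `default` and rejecting `HOME` as an extension name. The following pre-flight check is an added example, not code from this PR or the module: it reports which section would be read as extensions and which entries in it are not extension names. The sample config, the function names and the (non-exhaustive) extension list are assumptions made for illustration.

```python
import re

# Common X.509v3 extension short names (not exhaustive; an assumption of this check).
KNOWN_EXTENSIONS = {
    "basicConstraints", "keyUsage", "extendedKeyUsage", "subjectAltName",
    "issuerAltName", "subjectKeyIdentifier", "authorityKeyIdentifier",
    "authorityInfoAccess", "crlDistributionPoints", "certificatePolicies",
    "nameConstraints", "policyConstraints", "nsComment", "nsCertType",
}
OID_RE = re.compile(r"^\d+(\.\d+)+$")  # extensions may also be named by dotted OID

def parse_cnf(text):
    """Parse OpenSSL config text into {section: [(name, value), ...]}.
    Entries before the first [section] header belong to 'default'."""
    sections, current = {"default": []}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        header = re.match(r"^\[\s*(\S+)\s*\]$", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            sections[current].append((name, value))
    return sections

def extfile_problems(text, extensions_opt=None):
    """Return (section read as extensions, [entries that are not extension names]).
    Without -extensions, openssl x509 uses the default section's 'extensions'
    variable if present, otherwise the default section itself."""
    sections = parse_cnf(text)
    default = dict(sections["default"])
    section = extensions_opt or default.get("extensions") or "default"
    bad = [name for name, _ in sections.get(section, [])
           if name not in KNOWN_EXTENSIONS and not OID_RE.match(name)]
    return section, bad

# Constructed sample config (not the module's actual template).
SAMPLE_CNF = """\
HOME = .
[ req ]
prompt = no
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
subjectAltName = DNS:host.example.com
"""
```

For the sample, `extfile_problems(SAMPLE_CNF)` returns `("default", ["HOME"])`, matching the `name=HOME, value=.` error in the log, while passing `extensions_opt="v3_req"` yields no offending entries.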