Method: Puppet::SSL::Verifier#handle_connection_error

Defined in:
lib/puppet/ssl/verifier.rb

#handle_connection_error(http, error) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

This method is called if `Net::HTTP#start` raises an exception, which could be the result of an OpenSSL error during certificate verification, a failure in Ruby's `Socket#post_connection_check`, or a general SSL connection error.

Parameters:

  • http (Net::HTTP)

    connection

  • error (OpenSSL::SSL::SSLError)

    connection error

Raises:

  • (Puppet::SSL::CertVerifyError)

    SSL connection failed due to a verification error with the server’s certificate or chain

  • (Puppet::Error)

    server hostname does not match certificate

  • (OpenSSL::SSL::SSLError)

    low-level SSL connection failure



# File 'lib/puppet/ssl/verifier.rb', line 64

def handle_connection_error(http, error)
  raise @last_error if @last_error

  # ruby can pass SSL validation but fail post_connection_check
  peer_cert = http.peer_cert
  if peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, @hostname)
    raise Puppet::SSL::CertMismatchError.new(peer_cert, @hostname)
  else
    raise error
  end
end
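The hostname branch above can be exercised without a network connection. The following is an added example, not part of Puppet's source: `HostnameMismatch`, `build_cert` and `classify` are hypothetical names, and the certificate is a constructed, self-signed sample. `classify` follows the same decision order as `handle_connection_error` but returns the exception instead of raising it.

```ruby
require 'openssl'

# Hypothetical stand-in for Puppet::SSL::CertMismatchError (not Puppet's class).
class HostnameMismatch < StandardError; end

# Constructed sample input: a throwaway self-signed certificate whose
# subjectAltName carries a single DNS name.
def build_cert(dns_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{dns_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('subjectAltName', "DNS:#{dns_name}"))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert
end

# Same decision order as handle_connection_error, but returning the exception
# instead of raising it so each branch can be inspected.
def classify(last_error, peer_cert, hostname, error)
  return last_error if last_error # a previously recorded error wins
  if peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, hostname)
    HostnameMismatch.new("certificate does not match #{hostname}")
  else
    error # no peer certificate, or the name matched: pass the failure through
  end
end

if __FILE__ == $PROGRAM_NAME
  cert = build_cert('puppet.example.test')
  low = OpenSSL::SSL::SSLError.new('constructed low-level failure')
  %w[puppet.example.test other.example.test].each do |host|
    puts "#{host}: #{classify(nil, cert, host, low).class}"
  end
end
```

A mismatch is reported only when a peer certificate is available; with no certificate, the original error is passed through unchanged.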