Class: Puppet::SSL::Configuration

Inherits:
Object
  • Object
show all
Defined in:
lib/puppet/ssl/configuration.rb

Overview

Puppet::SSL::Configuration is intended to separate out the following concerns:

  • CA certificates that authenticate peers (ca_auth_file)

  • Who clients trust as distinct from who servers trust. We should not assume one single self signed CA cert for everyone.

Instance Method Summary collapse

Constructor Details

#initialize(localcacert, options = {}) ⇒ Configuration

Returns a new instance of Configuration.



10
11
12
13
# File 'lib/puppet/ssl/configuration.rb', line 10

def initialize(localcacert, options={})
  @localcacert = localcacert
  @ca_auth_file = options[:ca_auth_file]
end

Instance Method Details

#ca_auth_certificatesArray<OpenSSL::X509::Certificate>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

ca_auth_certificates returns an Array of OpenSSL::X509::Certificate instances intended to be used in the connection verify_callback. This method loads and parses the #ca_auth_file from the filesystem.

Returns:

  • (Array<OpenSSL::X509::Certificate>)


34
35
36
# File 'lib/puppet/ssl/configuration.rb', line 34

def ca_auth_certificates
  @ca_auth_certificates ||= decode_cert_bundle(read_file(ca_auth_file))
end

#ca_auth_fileObject

The ca_auth_file method is intended to return the PEM bundle of CA certs used to authenticate peer connections.



22
23
24
# File 'lib/puppet/ssl/configuration.rb', line 22

def ca_auth_file
  @ca_auth_file || @localcacert
end

#ca_chain_fileObject

Deprecated.

Use #ca_auth_file instead.



16
17
18
# File 'lib/puppet/ssl/configuration.rb', line 16

def ca_chain_file
  ca_auth_file
end