Class: Puppet::SSL::VerifierAdapter

Inherits:
Object
Defined in:
lib/puppet/ssl/verifier_adapter.rb

Overview

Allows a `Puppet::SSL::Validator` to be used in situations where a `Verifier` is required, while preserving the legacy validator behavior of:

  • Loading CA certs from `ssl_client_ca_auth` or `localcacert`

  • Verifying that each cert in the peer’s chain is contained in the file loaded above.

Constructor Details

#initialize(validator) ⇒ VerifierAdapter

Returns a new instance of VerifierAdapter.



# File 'lib/puppet/ssl/verifier_adapter.rb', line 11

def initialize(validator)
  @validator = validator
end

Instance Attribute Details

#validator ⇒ Object (readonly)

Returns the value of attribute validator.



# File 'lib/puppet/ssl/verifier_adapter.rb', line 9

def validator
  @validator
end

Instance Method Details

#handle_connection_error(http, error) ⇒ Object

Handle an SSL connection error.

Parameters:

  • http (Net::HTTP)

    connection

  • error (OpenSSL::SSL::SSLError)

    connection error

Raises:

  • (Puppet::SSL::CertVerifyError)

    SSL connection failed due to a verification error with the server’s certificate or chain

  • (Puppet::Error)

    server hostname does not match certificate

  • (OpenSSL::SSL::SSLError)

    low-level SSL connection failure



# File 'lib/puppet/ssl/verifier_adapter.rb', line 45

def handle_connection_error(http, error)
  Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
end

#reusable?(verifier) ⇒ Boolean

Return true if `self` is reusable with `verifier`, meaning both use the same class of `Puppet::SSL::Validator`. Only the Validator class has to match. The same instances cannot be required, because a new instance is created each time HttpPool.http_instance is called.

Parameters:

Returns:

  • (Boolean)

    return true if a cached connection can be used, false otherwise



# File 'lib/puppet/ssl/verifier_adapter.rb', line 23

def reusable?(verifier)
  verifier.instance_of?(self.class) &&
    verifier.validator.instance_of?(@validator.class)
end
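
The class-only comparison described above, as an added Ruby sketch that is not Puppet's own code: `StubValidator`, `StrictStubValidator`, `AdapterSketch`, `PoolSketch`, the site URL and the CA paths are hypothetical stand-ins, and only the body of `reusable?` is taken from this page.

```ruby
# Added illustration: stand-alone stand-ins, not Puppet's own classes.
class StubValidator                      # hypothetical validator
  attr_reader :ca_file                   # constructed per-instance state
  def initialize(ca_file)
    @ca_file = ca_file
  end
end

class StrictStubValidator < StubValidator; end  # hypothetical subclass

class AdapterSketch                      # mirrors reusable? from this page
  attr_reader :validator

  def initialize(validator)
    @validator = validator
  end

  def reusable?(verifier)
    verifier.instance_of?(self.class) &&
      verifier.validator.instance_of?(@validator.class)
  end
end

# Hypothetical one-slot-per-site cache that asks the cached verifier
# whether the caller's verifier may share its connection.
class PoolSketch
  def initialize
    @slots = {}
    @opened = 0
  end

  # Returns [connection_id, :cached or :new].
  def borrow(site, verifier)
    slot = @slots[site]
    return [slot[:conn], :cached] if slot && slot[:verifier].reusable?(verifier)
    @opened += 1
    @slots[site] = { conn: @opened, verifier: verifier }
    [@opened, :new]
  end
end

def demo
  pool = PoolSketch.new
  site = 'https://puppet.example.test:8140' # constructed
  [AdapterSketch.new(StubValidator.new('/constructed/ca_a.pem')),
   AdapterSketch.new(StubValidator.new('/constructed/ca_b.pem')),
   AdapterSketch.new(StrictStubValidator.new('/constructed/ca_a.pem'))]
    .map { |verifier| pool.borrow(site, verifier) }
end
```

The second borrow is served from the cache although its validator instance names a different CA file, because per-instance state is never compared. The subclass is refused because `instance_of?` does not match subclasses.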

#setup_connection(http) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the `http` connection based on the current `ssl_context`.

Parameters:

  • http (Net::HTTP)

    connection



# File 'lib/puppet/ssl/verifier_adapter.rb', line 32

def setup_connection(http)
  @validator.setup_connection(http)
end