Class: Puppet::SSL::VerifierAdapter

Inherits:
Object
Defined in:
lib/puppet/ssl/verifier_adapter.rb

Overview

Allows a `Puppet::SSL::Validator` to be used in situations where a `Verifier` is required, while preserving the legacy validator behavior of:

  • Loading CA certs from `ssl_client_ca_auth` or `localcacert`

  • Verifying that each cert in the peer's chain is contained in the file loaded above.


Constructor Details

#initialize(validator) ⇒ VerifierAdapter


# File 'lib/puppet/ssl/verifier_adapter.rb', line 11

def initialize(validator)
  @validator = validator
end

Instance Attribute Details

#validator ⇒ Object (readonly)

Returns the value of attribute validator


# File 'lib/puppet/ssl/verifier_adapter.rb', line 9

def validator
  @validator
end

Instance Method Details

#handle_connection_error(http, error) ⇒ Object

Handle an SSL connection error.

Raises:

  • (Puppet::SSL::CertVerifyError)

    SSL connection failed due to a verification error with the server's certificate or chain

  • (Puppet::Error)

    server hostname does not match certificate

  • (OpenSSL::SSL::SSLError)

    low-level SSL connection failure


# File 'lib/puppet/ssl/verifier_adapter.rb', line 45

def handle_connection_error(http, error)
  raise @validator.last_error if @validator.respond_to?(:last_error) && @validator.last_error

  Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
end

#reusable?(verifier) ⇒ Boolean

Returns true if `self` is reusable with `verifier`, meaning they are both using the same class of `Puppet::SSL::Validator`. In this case we only care that the Validator class is the same. We can't require the same instances, because a new instance is created each time `HttpPool.http_instance` is called.


# File 'lib/puppet/ssl/verifier_adapter.rb', line 23

def reusable?(verifier)
  verifier.instance_of?(self.class) &&
    verifier.validator.instance_of?(@validator.class)
end
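
The reuse rule above, exercised against a toy connection pool. This is an added example, not Puppet's code: `SketchAdapter`, `SketchPool`, the three validator classes, the host name and the CA paths are constructed stand-ins, and only the `reusable?` body is copied from this page.

```ruby
# Stand-ins only; no Puppet code is loaded.
class SketchAdapter
  attr_reader :validator

  def initialize(validator)
    @validator = validator
  end

  # Same body as VerifierAdapter#reusable? shown on this page.
  def reusable?(verifier)
    verifier.instance_of?(self.class) &&
      verifier.validator.instance_of?(@validator.class)
  end
end

# Hypothetical validators: two that verify against a CA file, one that verifies nothing.
VerifyingValidator = Struct.new(:ca_file)
class StrictValidator < VerifyingValidator; end
NoVerifyValidator = Struct.new(:reason)

# Hypothetical pool: one cached connection per host, tagged with the verifier
# that configured it. A cached entry is handed out only if reusable? agrees.
class SketchPool
  def initialize
    @cache = {}
  end

  # Returns :reused or :new so the caller can see which path was taken.
  def checkout(host, verifier)
    cached = @cache[host]
    return :reused if cached && cached.reusable?(verifier)

    @cache[host] = verifier # assumption: a real pool would replace the connection here
    :new
  end
end

def demo
  pool = SketchPool.new
  try = ->(validator) { pool.checkout('puppet.example', SketchAdapter.new(validator)) }
  [
    try.call(NoVerifyValidator.new('bootstrap')),               # empty cache: :new
    try.call(VerifyingValidator.new('/constructed/ca_a.pem')),  # other validator class: :new
    try.call(VerifyingValidator.new('/constructed/ca_a.pem')),  # same class, new instance: :reused
    try.call(VerifyingValidator.new('/constructed/ca_b.pem')),  # same class, other CA file: :reused
    try.call(StrictValidator.new('/constructed/ca_a.pem'))      # subclass, exact match fails: :new
  ]
end
```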

#setup_connection(http) ⇒ Object

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Configure the `http` connection based on the current `ssl_context`.


# File 'lib/puppet/ssl/verifier_adapter.rb', line 32

def setup_connection(http)
  @validator.setup_connection(http)
end