Hi Jeff,

> You may be running into a bug in Puppet but I'm not entirely sure yet...
> What web server are you using to terminate the SSL connection from the
> agent to the master? Is it simply the built in one provided by `puppet
> master` or are you using Apache or something?

SSL is terminated by Apache. My Apache config is similar to what comes with puppet in ext/rack/files/apache2.conf, and contains:

    RequestHeader set X-SSL-Subject %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-DN %{SSL_CLIENT_S_DN}e
    RequestHeader set X-Client-Verify %{SSL_CLIENT_VERIFY}e

My puppet.conf contains:

    ssl_client_header = SSL_CLIENT_S_DN_
    ssl_client_verify_header = SSL_CLIENT_VERIFY

in the [master] section.

> It appears that we're not correctly parsing out the emailAddress field
> inside the subject and instead we're treating it as part of the common
> name (CN).

Yup, that's what it looks like.

Cheers,

Andrew.

-- 
[ a...@zx23.net ]
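
The misparse discussed in this thread, as an added example that is not part of the original message and is not Puppet's own code: it contrasts a naive CN extraction with an attribute-by-attribute parse of the subject DN. It assumes the header value arrives in OpenSSL's slash-separated form; the sample DN is constructed, and `naive_cn`, `parsed_cn` and `usable_certname?` are hypothetical helper names.

```ruby
require 'openssl'

# Constructed sample subject in OpenSSL's slash-separated form (not from the thread).
SAMPLE_DN = '/C=GB/O=Example Org/CN=agent01.example.com/emailAddress=admin@example.com'

# Hypothetical naive extraction: treats everything after "CN=" as the name,
# so a trailing emailAddress attribute ends up inside the result.
def naive_cn(dn)
  dn[/CN=(.*)/, 1]
end

# Split the DN into attribute/value pairs first, then select CN only.
def parsed_cn(dn)
  pairs = OpenSSL::X509::Name.parse(dn).to_a
  cn = pairs.find { |type, _value, _tag| type == 'CN' }
  cn && cn[1]
end

# Defensive check before using the value as a node name: reject anything
# that still contains DN separators or is not hostname-shaped.
def usable_certname?(name)
  !name.nil? && name.match?(/\A[a-z0-9._-]+\z/i)
end

if __FILE__ == $PROGRAM_NAME
  [naive_cn(SAMPLE_DN), parsed_cn(SAMPLE_DN)].each do |name|
    puts format('%-55s usable=%s', name.inspect, usable_certname?(name))
  end
end
```
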