(It's a tiny tiny edge case, just making sure this is in the mailing list archives here too.)
https://github.com/jruby/jruby/issues/5746 In short, JRuby-OpenSSL (actually using Bouncy Castle) will parse certs ending in both ways noted in the diff below, whereas actual OpenSSL won't. $ diff test1a.pem test1b.pemĀ 20c20 < -----END CERTIFICATE----- --- > -----END CERTIFICATE---- If you were intending that certs validated using a ruby function on the Puppetserver during catalog compilation would always be useful in production, you may very intermittently be disappointed. [root@puppetmaster2 ~]# openssl x509 -in /tmp/test1b.pem unable to load certificate 139748268332944:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:815: [root@puppetmaster2 ~]# /opt/puppetlabs/server/bin/puppetserver irb irb(main):001:0> require 'openssl' => true irb(main):002:0> c = File.read('/tmp/test1b.pem') => "-----BEGIN CERTIFICATE----- \nMIIDVzCCAj+gAwIBAgIJAMXhmW2H4rU0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV\nBAY TAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg\nQ29tcGFu eSBMdGQwHhcNMTkwNTI3MTUzMDU0WhcNMjAwNTI2MTUzMDU0WjBCMQsw\nCQYDVQQGEwJYW DEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh\ndWx0IENvbXBhbnkgTH RkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nwiiWr0JesxM4e0YVsWz0wAA oYrw2TIaHwg0hZVeX6R1NOLfApeDAbLLsEzO2G9Tj\n6IuzxaMYzpRCJoSxe7iyttY9M6Z/ OmlidMeBscRrEgR0YfSUC5szl4zHs3o1eML2\nVAUYgmFu/nTrvPiznrIyLuPT/GrDKqZvK yj9h4/YX6oE+DeXGbdJ2Z9o3dXxlSgJ\n8c6gqU+7IUkSO7CTpm4q3w/vHCFB+XfgJ6VJ3g 2sSlsWM/Pmax47g14I+UgsFMGj\nG0n4T6Nv6Kgen3GXUGfBoqtlBYpDQHcQljWXhuXQynn zSwDBYJkychIhpnuxjtn4\nRZV1h5TrRqPDEuKC/zxKoQIDAQABo1AwTjAdBgNVHQ4EFgQU DJdr9taJqUSJh0uX\n9oanZJlx5ewwHwYDVR0jBBgwFoAUDJdr9taJqUSJh0uX9oanZJlx5 ewwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARGsherQt9G7xaZ/EKCarZD hOCVqV\nUXSZ4vkIEdPsNpvsPq07MPlMt9dePvcrtwlpy9JzxT3YSDOkJGIL71WrzRr4xCS r\nJ9FqB64beHKjYgiZ1eJiLYveRBXBnDzpLfctjzT4r0xwnZjnFfbNHRnpO9tz4sc0\ne8 0j3yG1968u+8LhShd3Jl/3AY/g3+VgzGuAPgLYzAObHigWS8yME9HPBBHAIeKx\nkXwZ4hi DaBh6q3UXD0IgSp3V7izQK3ScM2PDyrFDsLEg+R7YdnofWCbMiTc3uEVC\nq/+dXqnGIeBz b4BrV0iYsbxCEdR6b9cF2ACoycFSs5nFLxz906yAvdeoFA==\n-----END CERTIFICATE- ---\n" irb(main):003:0> OpenSSL::X509::Certificate.new(c) => #<OpenSSL::X509::Certificate:0x57dee2b9 subject=/C=XX/L=Default City/O=Default Company Ltd, issuer=/C=XX/L=Default City/O=Default Company Ltd, serial=14258846590941967668, not_before=2019-05-27 15:30:54 UTC, not_after=2020-05-26 15:30:54 UTC> -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1558980169.19664.5.camel%40pobox.com. For more options, visit https://groups.google.com/d/optout.
