Module: Puppet::SSL::CertificateAuthorityExtensions

Defined in:
modules/puppetmaster/files/puppet_ecdsacert.rb

Overview

Extend the signing checks

Instance Method Summary

Instance Method Details

#check_internal_signing_policies(hostname, csr, options = {}) ⇒ Object



# File 'modules/puppetmaster/files/puppet_ecdsacert.rb', line 173

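# Signing-policy override that relaxes the stock CA checks.
#
# Forces the :allow_dns_alt_names and :allow_authorization_extensions options
# on, delegates to the original implementation via super, and then tolerates
# two specific rejections, recognised by the start of the error message:
#   * a subjectAltName that contains a wildcard, and
#   * a subjectAltName outside the DNS label space, provided every entry is
#     a "DNS:" or "IP Address:" name.
# Every other CertificateSigningError is re-raised unchanged.
#
# NOTE(review): returning true from the rescue accepts the CSR at the point
# where super raised, so any checks super would have run after that point are
# not performed for these CSRs. Confirm against the Puppet version in use
# that nothing security-relevant follows the subjectAltName checks.
# NOTE(review): the branches depend on the exact wording of the upstream
# error messages. If an upgrade rewords them, neither prefix matches and the
# error is re-raised, so the override fails closed.
#
# @param hostname [String] passed through to super (presumably the certname)
# @param csr [Object] signing request; must respond to #name and #subject_alt_names
# @param options [Hash] policy options from the caller; not modified
# @return [Object] super's result, or true when a tolerated rejection was rescued
# @raise [Puppet::SSL::CertificateAuthority::CertificateSigningError] for any
#   rejection other than the two tolerated ones
def check_internal_signing_policies(hostname, csr, options = {})
  # Work on a copy so the permissive flags do not leak into the caller's hash.
  relaxed = options.merge(allow_dns_alt_names: true, allow_authorization_extensions: true)
  super(hostname, csr, relaxed)
rescue Puppet::SSL::CertificateAuthority::CertificateSigningError => e
  if e.message.start_with?("CSR '#{csr.name}' subjectAltName contains a wildcard")
    true
  elsif e.message.start_with?("CSR '#{csr.name}' contains a subjectAltName outside the DNS")
    # \A anchors at the start of the string. ^ anchors at the start of any
    # line, so an entry with an embedded newline could pass the type check
    # with an arbitrary first line.
    raise unless csr.subject_alt_names.all? { |san| san =~ /\A(DNS|IP Address):/ }

    true
  else
    raise
  end
end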