Sha256: 361fc460b44621c62c2dd7741866900c9bd83dabe184969904daf8013af1c05e

Contents?: true

Size: 1.9 KB

Versions: 76

Compression:

Stored size: 1.9 KB

Contents

# Adapter that lets a legacy `Puppet::SSL::Validator` stand in wherever a
# `Verifier` is expected. Every TLS decision is delegated to the wrapped
# validator, so the legacy validator behavior is preserved:
#
# * CA certs are loaded from `ssl_client_ca_auth` or `localcacert`
# * Each cert in the peer's chain must be contained in the file loaded
#   above.
#
# The adapter does no certificate checking of its own; the trust decision
# is whatever the wrapped validator implements.
class Puppet::SSL::VerifierAdapter
  # The wrapped validator; `reusable?` reads it from the other adapter.
  attr_reader :validator

  # @param validator [Puppet::SSL::Validator] validator to delegate to
  def initialize(validator)
    @validator = validator
  end

  # Decide whether a cached connection set up by `self` may be reused for
  # `verifier`. Both must be exactly this adapter class and wrap exactly the
  # same validator class. Instances cannot be compared, because a new
  # instance is created each time HttpPool.http_instance is called.
  #
  # NOTE(review): only the validator *class* is compared, so two validators
  # of the same class are treated as interchangeable. Confirm that no
  # per-instance trust setting can differ between them before relying on
  # this for connection reuse.
  #
  # @param verifier [Puppet::SSL::Verifier] the verifier to compare against
  # @return [Boolean] true if a cached connection can be used, false otherwise
  def reusable?(verifier)
    # `instance_of?` is deliberate: subclasses do not count as a match.
    return false unless verifier.instance_of?(self.class)

    verifier.validator.instance_of?(@validator.class)
  end

  # Configure the `http` connection by handing it to the wrapped validator.
  #
  # @param http [Net::HTTP] connection
  # @api private
  def setup_connection(http)
    @validator.setup_connection(http)
  end

  # Handle an SSL connection error.
  #
  # An error recorded by the validator (`last_error`) takes precedence over
  # `error`; presumably it carries the verification failure that caused the
  # handshake to abort. Without one, handling is delegated to
  # `Puppet::Util::SSL.handle_connection_error`.
  #
  # @param http [Net::HTTP] connection
  # @param error [OpenSSL::SSL::SSLError] connection error
  # @return (see Puppet::SSL::Verifier#handle_connection_error)
  # @raise [Puppet::SSL::CertVerifyError] SSL connection failed due to a
  #   verification error with the server's certificate or chain
  # @raise [Puppet::Error] server hostname does not match certificate
  # @raise [OpenSSL::SSL::SSLError] low-level SSL connection failure
  def handle_connection_error(http, error)
    # Not every validator exposes `last_error`, hence the respond_to? probe.
    recorded_failure = @validator.respond_to?(:last_error) && @validator.last_error
    raise @validator.last_error if recorded_failure

    Puppet::Util::SSL.handle_connection_error(error, @validator, http.address)
  end
end

Version data entries

76 entries across 76 versions & 1 rubygems

Version Path
puppet-6.15.0 lib/puppet/ssl/verifier_adapter.rb
puppet-6.15.0-x86-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.15.0-x64-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.15.0-universal-darwin lib/puppet/ssl/verifier_adapter.rb
puppet-6.14.0 lib/puppet/ssl/verifier_adapter.rb
puppet-6.14.0-x86-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.14.0-x64-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.14.0-universal-darwin lib/puppet/ssl/verifier_adapter.rb
puppet-6.13.0 lib/puppet/ssl/verifier_adapter.rb
puppet-6.13.0-x86-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.13.0-x64-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.13.0-universal-darwin lib/puppet/ssl/verifier_adapter.rb
puppet-6.12.0 lib/puppet/ssl/verifier_adapter.rb
puppet-6.12.0-x86-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.12.0-x64-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.4.5 lib/puppet/ssl/verifier_adapter.rb
puppet-6.4.5-x86-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.4.5-x64-mingw32 lib/puppet/ssl/verifier_adapter.rb
puppet-6.4.5-universal-darwin lib/puppet/ssl/verifier_adapter.rb
puppet-6.12.0-universal-darwin lib/puppet/ssl/verifier_adapter.rb