vendored/puppet/lib/puppet/network/http/connection.rb in bolt-0.21.1 vs vendored/puppet/lib/puppet/network/http/connection.rb in bolt-0.21.2
- old
+ new
@@ -223,12 +223,11 @@
retry_sleep = parse_retry_after_header(retry_after)
# Recover remote hostname if Net::HTTPResponse was generated by a
# method that fills in the uri attribute.
#
- # TODO: Drop the respond_to? check when support for Ruby 1.9.3 is dropped.
- server_hostname = if response.respond_to?(:uri) && response.uri.is_a?(URI)
+ server_hostname = if response.uri.is_a?(URI)
response.uri.host
else
# TRANSLATORS: Used in the phrase:
# "Received a response from the remote server."
_('the remote server')
@@ -312,29 +311,9 @@
@pool.with_connection(site, @verify) do |conn|
response = yield conn
end
response
rescue OpenSSL::SSL::SSLError => error
- # can be nil
- peer_cert = @verify.peer_certs.last
-
- if error.message.include? "certificate verify failed"
- msg = error.message
- msg << ": [" + @verify.verify_errors.join('; ') + "]"
- raise Puppet::Error, msg, error.backtrace
- elsif peer_cert && !OpenSSL::SSL.verify_certificate_identity(peer_cert, site.host)
- valid_certnames = [peer_cert.subject.to_s.sub(/.*=/, ''),
- *Puppet::SSL::Certificate.subject_alt_names_for(peer_cert)].uniq
- if valid_certnames.size > 1
- expected_certnames = _("expected one of %{certnames}") % { certnames: valid_certnames.join(', ') }
- else
- expected_certnames = _("expected %{certname}") % { certname: valid_certnames.first }
- end
-
- msg = _("Server hostname '%{host}' did not match server certificate; %{expected_certnames}") % { host: site.host, expected_certnames: expected_certnames }
- raise Puppet::Error, msg, error.backtrace
- else
- raise
- end
+ Puppet::Util::SSL.handle_connection_error(error, @verify, site.host)
end
end
end
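Review bot: The rescue branch now relies entirely on `Puppet::Util::SSL.handle_connection_error` raising for every `OpenSSL::SSL::SSLError`; the removed code ended in an explicit `else raise`, and that fall-through guarantee is no longer visible in this file. If the helper ever returned normally, the rescue clause would evaluate to the helper's return value and the caller would get that instead of a response, with the TLS failure silently swallowed. The helper's body is not part of this diff, so this is a point to confirm rather than a confirmed defect. A bare `raise` on the line after the call would keep this branch failing closed whatever the helper does, and a comment such as `# handle_connection_error always raises` would record the contract. The enclosing method begins before the hunk.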