Le 2025-02-19 à 15 h 53, Calum McConnell a écrit :
I've forwarded this bug upstream[1]; it seems obvious that the
certificates need to be regenerated, but there are quite a few of them,
and some of them have been expired for some time.
Upstream hasn't updated in a few years, which is a bit concerning, but puppetlabs software in general seems well-maintained; I've CC'd the
relevant maintainers. This issue shouldn't be too difficult to fix, especially for people who actually know how to use openssl.
Shipping x509 certificates among test fixtures has been a staple for
Puppetlabs projects including Puppetserver and PuppetDB, and
unfortunately, there's reason to believe upstream will not be addressing
these issues [0].
A fork is taking shape [1] but it's going to take a while before it
takes over the maintenance of all these bits.
I've fixed the issue in Debian for Puppetserver with a patch that
refactors a script to regenerate the full suite of test certs [2], but
its a time-consuming process. My plan was to introduce a similar script
to ssl-utils-clojure at some point before the trixie freeze.
-- Jérôme
[0]
https://www.puppet.com/blog/open-source-puppet-updates-2025
[1]
https://overlookinfratech.com/2025/01/21/first-release-hot-off-the-presses/
[2]
https://sources.debian.org/src/puppetserver/8.7.0-3/debian/patches/improve_regen_certs_script.patch/
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)