Skip to content

[Bug]: forcing puppetserver to generate a client cert fails if csr_attributes.yaml is an empty file #44

Description

@trefzer

Is this a critical security issue?

  • This is not a security issue.

Describe the Bug

  1. touch /etc/puppetlabs/puppet/csr_attributes.yaml
  2. stop puppetserver
  3. remove /etc/puppetlabs/puppetserver/ca/signed/servername.pem
  4. remove /etc/puppetlabs/puppet/ssl/certs/servername.pem
  5. remove /etc/puppetlabs/puppet/ssl/private_keys/servername.pem
  6. remove /etc/puppetlabs/puppet/ssl/public_keys/servername.pem
  7. run: puppetserver ca generate --ca-client --certname servername --force

generates an error:

Error:
Invalid CSR attributes, expected instance of Hash, received instance of NilClass
Invalid CSR attributes, expected instance of Hash, received instance of NilClass

deleting the csr_attributes.yaml file fixes the issue.

Expected Behavior

no error ;)

Steps to Reproduce

see above

Environment

puppetserver version: 8.14.1
debian trixie

Additional Context

The empty csr_attributes.yaml file is not an issue if the openvox-agent generates a csr for the server !

Relevant log output

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions