You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My analysis unveiled, that neither the if nor the elsif branches are ever executed. This is because the ini_file's initialize method does not read and parse the file itself, thus each call to its get_section method is returning nil.
An instance of Puppet::Util::IniConfig::PhysicalFile would need the invocation of its read method to read and parse the file, but that's never happen. Using this class to parse an OpenSSL config file constructed by this module's templates/cert.cnf.epp would, however, end up raising IniParseError with the message Property with key HOME outside of a section from puppet/util/inifile.rb#L185. AFAIK, there is no specification for the format of ini files, however, Microsoft and OpenSSL seem to treat them differently. Nevertheless, Puppet::Util::IniConfig::PhysicalFile.parse method does not support keys before the first section header, thus it seems not suitable for parsing OpenSSL style config files.
In that sense the old_cert_is_equal method of the x509_cert openssl provider would need to be reviewed.
The text was updated successfully, but these errors were encountered:
I was reviewing the below code, because of suspected failing its purpose:
puppet-openssl/lib/puppet/provider/x509_cert/openssl.rb
Lines 45 to 54 in 8915708
My analysis unveiled, that neither the if nor the elsif branches are ever executed. This is because the
ini_file's initialize method does not read and parse the file itself, thus each call to its get_section method is returning nil.An instance of
Puppet::Util::IniConfig::PhysicalFilewould need the invocation of its read method to read and parse the file, but that's never happen. Using this class to parse an OpenSSL config file constructed by this module's templates/cert.cnf.epp would, however, end up raisingIniParseErrorwith the messageProperty with key HOME outside of a sectionfrom puppet/util/inifile.rb#L185. AFAIK, there is no specification for the format of ini files, however, Microsoft and OpenSSL seem to treat them differently. Nevertheless, Puppet::Util::IniConfig::PhysicalFile.parse method does not support keys before the first section header, thus it seems not suitable for parsing OpenSSL style config files.In that sense the
old_cert_is_equalmethod of the x509_cert openssl provider would need to be reviewed.The text was updated successfully, but these errors were encountered: