(It's a tiny tiny edge case, just making sure this is in the mailing list archives here too.)
https://github.com/jruby/jruby/issues/5746

In short, JRuby-OpenSSL (actually using Bouncy Castle) will parse certs ending in both ways noted in the diff below, whereas actual OpenSSL won't.

$ diff test1a.pem test1b.pem
20c20
< -----END CERTIFICATE-----
---
> -----END CERTIFICATE----

If you were intending that certs validated using a ruby function on the Puppetserver during catalog compilation would always be useful in production, you may very intermittently be disappointed.

[root@puppetmaster2 ~]# openssl x509 -in /tmp/test1b.pem
unable to load certificate
139748268332944:error:0906D066:PEM routines:PEM_read_bio:bad end line:pem_lib.c:815:
[root@puppetmaster2 ~]# /opt/puppetlabs/server/bin/puppetserver irb
irb(main):001:0> require 'openssl'
=> true
irb(main):002:0> c = File.read('/tmp/test1b.pem')
=> "-----BEGIN CERTIFICATE-----\nMIIDVzCCAj+gAwIBAgIJAMXhmW2H4rU0MA0GCSqGSIb3DQEBCwUAMEIxCzAJBgNV\nBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg\nQ29tcGFueSBMdGQwHhcNMTkwNTI3MTUzMDU0WhcNMjAwNTI2MTUzMDU0WjBCMQsw\nCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZh\ndWx0IENvbXBhbnkgTHRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA\nwiiWr0JesxM4e0YVsWz0wAAoYrw2TIaHwg0hZVeX6R1NOLfApeDAbLLsEzO2G9Tj\n6IuzxaMYzpRCJoSxe7iyttY9M6Z/OmlidMeBscRrEgR0YfSUC5szl4zHs3o1eML2\nVAUYgmFu/nTrvPiznrIyLuPT/GrDKqZvKyj9h4/YX6oE+DeXGbdJ2Z9o3dXxlSgJ\n8c6gqU+7IUkSO7CTpm4q3w/vHCFB+XfgJ6VJ3g2sSlsWM/Pmax47g14I+UgsFMGj\nG0n4T6Nv6Kgen3GXUGfBoqtlBYpDQHcQljWXhuXQynnzSwDBYJkychIhpnuxjtn4\nRZV1h5TrRqPDEuKC/zxKoQIDAQABo1AwTjAdBgNVHQ4EFgQUDJdr9taJqUSJh0uX\n9oanZJlx5ewwHwYDVR0jBBgwFoAUDJdr9taJqUSJh0uX9oanZJlx5ewwDAYDVR0T\nBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEARGsherQt9G7xaZ/EKCarZDhOCVqV\nUXSZ4vkIEdPsNpvsPq07MPlMt9dePvcrtwlpy9JzxT3YSDOkJGIL71WrzRr4xCSr\nJ9FqB64beHKjYgiZ1eJiLYveRBXBnDzpLfctjzT4r0xwnZjnFfbNHRnpO9tz4sc0\ne80j3yG1968u+8LhShd3Jl/3AY/g3+VgzGuAPgLYzAObHigWS8yME9HPBBHAIeKx\nkXwZ4hiDaBh6q3UXD0IgSp3V7izQK3ScM2PDyrFDsLEg+R7YdnofWCbMiTc3uEVC\nq/+dXqnGIeBzb4BrV0iYsbxCEdR6b9cF2ACoycFSs5nFLxz906yAvdeoFA==\n-----END CERTIFICATE----\n"
irb(main):003:0> OpenSSL::X509::Certificate.new(c)
=> #<OpenSSL::X509::Certificate:0x57dee2b9 subject=/C=XX/L=Default City/O=Default Company Ltd, issuer=/C=XX/L=Default City/O=Default Company Ltd, serial=14258846590941967668, not_before=2019-05-27 15:30:54 UTC, not_after=2020-05-26 15:30:54 UTC>

-- 
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/1558980169.19664.5.camel%40pobox.com.
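
One way to guard against the mismatch described in this message, as an added example that is not part of the original post or of Puppet/JRuby code: check the PEM framing lines exactly before handing the text to OpenSSL::X509::Certificate.new. The helper names are hypothetical, the sample certificate is constructed, and the check is deliberately stricter than OpenSSL itself (it also rejects any text before BEGIN or after END).

```ruby
require 'openssl'

# Added example: exact framing lines a certificate PEM must carry.
PEM_BEGIN   = '-----BEGIN CERTIFICATE-----'
PEM_END     = '-----END CERTIFICATE-----'
BASE64_LINE = %r{\A[A-Za-z0-9+/]+={0,2}\z}

# Returns nil when the framing is exact, otherwise a reason string.
def pem_framing_error(text)
  lines = text.lines.map(&:chomp)
  return 'empty input' if lines.empty?
  return "bad begin line: #{lines.first.inspect}" unless lines.first == PEM_BEGIN
  return "bad end line: #{lines.last.inspect}" unless lines.last == PEM_END
  body = lines[1..-2]
  return 'empty body' if body.empty?
  bad = body.find { |l| l !~ BASE64_LINE }
  bad ? "non-base64 body line: #{bad.inspect}" : nil
end

# Refuse inexact framing before a possibly lenient parser sees the input,
# so the result is the same under JRuby-OpenSSL and under real OpenSSL.
def load_certificate_strict(text)
  err = pem_framing_error(text)
  raise ArgumentError, err if err
  OpenSSL::X509::Certificate.new(text)
end

# Constructed sample input: a throwaway self-signed certificate.
def sample_pem
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=example.test')
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  cert.to_pem
end

if __FILE__ == $PROGRAM_NAME
  # Drop one trailing dash from the END line, as in test1b.pem.
  bad = sample_pem.sub(/-{5}\n\z/, "----\n")
  puts pem_framing_error(bad)
end
```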
