From a22098cac13ba75e07183ebfc4dee8a3c9714311 Mon Sep 17 00:00:00 2001
From: Chris Southall
Date: Thu, 9 Dec 2021 20:13:59 -0600
Subject: [PATCH] use ssl_trust_store from puppet.conf on Windows

---
 lib/puppet_x/bodeco/util.rb | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/lib/puppet_x/bodeco/util.rb b/lib/puppet_x/bodeco/util.rb
index 67743ba6..f9787043 100644
--- a/lib/puppet_x/bodeco/util.rb
+++ b/lib/puppet_x/bodeco/util.rb
@@ -80,7 +80,22 @@ def initialize(_url, options)
 @proxy_port = uri.port
 end
 
- ENV['SSL_CERT_FILE'] = File.expand_path(File.join(__FILE__, '..', 'cacert.pem')) if Facter.value(:osfamily) == 'windows' && !ENV.key?('SSL_CERT_FILE')
+ @osfamily = Facter.value(:osfamily)
+ if @osfamily == 'windows'
+ # Get the 'ssl_trust_store' setting from the puppet agent
+ Puppet.settings.preferred_run_mode = :agent
+ puppet_ssl_trust_store = Puppet.settings.to_h[:ssl_trust_store].value || nil
+
+ # Prefer 'ssl_trust_store' from the puppet agent, then SSL_CERT_FILE from the
+ # environment, and the bundled pem file as a last resort
+ @ssl_trust_store = if puppet_ssl_trust_store && File.exist?(puppet_ssl_trust_store)
+ puppet_ssl_trust_store
+ elsif ENV.key?('SSL_CERT_FILE')
+ ENV['SSL_CERT_FILE']
+ else
+ File.expand_path(File.join(__FILE__, '..', 'cacert.pem'))
+ end
+ end
 end
 
 def generate_request(uri)
@@ -98,6 +113,7 @@ def follow_redirect(uri, option = { limit: FOLLOW_LIMIT }, &block)
 else
 { use_ssl: false }
 end
+ http_opts[:ca_file] = @ssl_trust_store if @osfamily == 'windows'
 Net::HTTP.start(uri.host, uri.port, @proxy_addr, @proxy_port, http_opts) do |http|
 http.request(generate_request(uri)) do |response|
 case response
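Review bot: `Puppet.settings.preferred_run_mode = :agent` inside `initialize` changes a process-wide Puppet setting each time this object is built on Windows, and nothing in the hunk restores it, so later settings lookups in the same run may resolve under agent mode even if the run started in another mode. The next line calls `.value` on `Puppet.settings.to_h[:ssl_trust_store]`, which would raise NoMethodError if the running Puppet does not define that setting (inferred; the supported Puppet versions are not visible here). `Puppet.settings.to_h[:ssl_trust_store]&.value` avoids that, and the trailing `|| nil` can be dropped. The `SSL_CERT_FILE` branch is also taken without the `File.exist?` check applied to the puppet.conf value, so a stale environment value shadows the bundled `cacert.pem`; `elsif ENV['SSL_CERT_FILE'] && File.exist?(ENV['SSL_CERT_FILE'])` would keep the fallback chain consistent. `initialize` begins above the hunk.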
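Review bot: The added `http_opts[:ca_file] = ...` line runs after the `if`/`else` has closed, so the trust store is also attached on the `{ use_ssl: false }` path, and it is gated on `@osfamily` rather than on the value it assigns. `http_opts[:ca_file] = @ssl_trust_store if @ssl_trust_store` expresses the same condition and makes the extra `@osfamily` instance variable unnecessary. A short comment above it, for example `# Windows only: trust store chosen in initialize (puppet.conf, then SSL_CERT_FILE, then bundled cacert.pem)`, would tell a reader why only one platform overrides the CA bundle. The HTTPS branch and the rest of `follow_redirect` are outside the hunk, so it is not visible here whether certificate verification can be switched off there, in which case `ca_file` would have no effect.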