Merge pull request #260 from barleyj-puppet/issue/pe-22810-debian9-fa…

…ils-upgrade (PE-22810) Removed _client_cert_verification
puppetlabs · Nov 10, 2017 · eb8a19c · eb8a19c
2 parents 74a2910 + 3b35ea9
commit eb8a19c
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 20 deletions.
diff --git a/manifests/osfamily/debian.pp b/manifests/osfamily/debian.pp
@@ -25,31 +25,17 @@
       # For debian based platforms, in order to add SSL verification, you need to add a
       # configuration file specific to just the sources host
       $source_host = uri_host_from_string($source)
-      $_client_cert_verification = [
-        "Acquire::https::${source_host}::SslCert \"${_sslclientcert_path}\";",
-        "Acquire::https::${source_host}::SslKey \"${_sslclientkey_path}\";",
-      ]
       $_ca_cert_verification = [
         "Acquire::https::${source_host}::CaInfo \"${_sslcacert_path}\";",
       ]
       $_proxy_host = [
         "Acquire::http::proxy::${source_host} DIRECT;",
       ]
 
-      # Xenial has some sort of change that seems to have broke client cert
-      # verification in APT. While it is nice to have client cert verification,
-      # it is not strictly necessary since really all that we want to verify is
-      # that there isn't a MITM on the route to the master.
-      if ($::operatingsystem == 'Ubuntu' and $::lsbdistcodename == 'xenial') {
-        $_apt_settings = concat(
-          $_ca_cert_verification,
-          $_proxy_host)
-      } else {
-        $_apt_settings = concat(
-          $_ca_cert_verification,
-          $_client_cert_verification,
-          $_proxy_host)
-      }
+      $_apt_settings = concat(
+        $_ca_cert_verification,
+        $_proxy_host)
+
 
       apt::setting { 'conf-pc_repo':
         content  => $_apt_settings.join(''),

diff --git a/spec/classes/puppet_agent_osfamily_debian_spec.rb b/spec/classes/puppet_agent_osfamily_debian_spec.rb
@@ -137,8 +137,6 @@
 
       apt_settings = [
         "Acquire::https::master.example.vm::CaInfo \"/etc/puppetlabs/puppet/ssl/certs/ca.pem\";",
-        "Acquire::https::master.example.vm::SslCert \"/etc/puppetlabs/puppet/ssl/certs/foo.example.vm.pem\";",
-        "Acquire::https::master.example.vm::SslKey \"/etc/puppetlabs/puppet/ssl/private_keys/foo.example.vm.pem\";",
         "Acquire::http::proxy::master.example.vm DIRECT;",
       ]
       it { is_expected.to contain_apt__setting('conf-pc_repo').with({