After upgrade to 3.3.1 (SLES11): Agent receives no certificate from master
I'm facing this problem on a SLES11 SP3 server with puppet 3.3.1, ruby 1.8.7 and facter 1.7.3. We recently updated from puppet 3.2.4. Neither any certs nor ips nor dns names changed. All runs fail on the client:
Error: Failed to apply catalog: undefined method `extensions' for nil:NilClass Error: Could not send report: undefined method `extensions' for nil:NilClass
After some debugging, I found that the actual error gets generated in /usr/lib64/ruby/1.8/openssl/ssl-internal.rb:91:in `verifycertificateidentity' where
is called. So to me it seems as if "cert" is nil. Certs are ok, connections with openssl s_client work, hence firewall is also not blocking. I would be glad for any pointers on how to further diagnose this problem!
UPDATE I looked a bit further into it, and the problem really is: the puppet agent doesn't retrieve a cert from the master, although it is configured to use tls. I'm puzzled. Neither logs on the server (apache+passenger) nor on the agent report anything suspicious