(PUP-11428) Refactor how the default ssl_context is created

joshcooper · joshcooper · commit 21bccfbed525 · 2022-04-05T09:51:28.000-07:00
Move the code for creating the default ssl_context into the http client, which
is similar to how the default *system* ssl_context is created.
diff --git a/lib/puppet.rb b/lib/puppet.rb
@@ -242,20 +242,7 @@ def self.base_context(settings)
     {
       :environments => Puppet::Environments::Cached.new(Puppet::Environments::Combined.new(*loaders)),
       :http_pool => proc { Puppet.runtime[:http].pool },
-      :ssl_context => proc {
-        begin
-          cert = Puppet::X509::CertProvider.new
-          password = cert.load_private_key_password
-          ssl = Puppet::SSL::SSLProvider.new
-          ssl.load_context(certname: Puppet[:certname], password: password)
-        rescue => e
-          # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
-          Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
-          # TRANSLATORS: `puppet agent -t` is a command and should not be translated
-          Puppet.err(_("Run `puppet agent -t`"))
-          raise e
-        end
-      },
+      :ssl_context => proc { Puppet.runtime[:http].default_ssl_context },
       :ssl_host => proc { Puppet::SSL::Host.localhost(true) },
       :http_session => proc { Puppet.runtime[:http].create_session },
       :plugins => proc { Puppet::Plugins::Configuration.load_plugins },
diff --git a/lib/puppet/http/client.rb b/lib/puppet/http/client.rb
@@ -274,6 +274,20 @@ def close
     @pool.close
   end
 
+  def default_ssl_context
+    cert = Puppet::X509::CertProvider.new
+    password = cert.load_private_key_password
+
+    ssl = Puppet::SSL::SSLProvider.new
+    ssl.load_context(certname: Puppet[:certname], password: password)
+  rescue => e
+    # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
+    Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
+    # TRANSLATORS: `puppet agent -t` is a command and should not be translated
+    Puppet.err(_("Run `puppet agent -t`"))
+    raise e
+  end
+
   protected
 
   def encode_query(url, params)
