(maint) Drop private key passphrase workaround

joshcooper · joshcooper · commit 8b1a992b4384 · 2021-06-09T10:28:40.000-07:00
Ruby 2.4.0 and 2.4.1 required a password of at least 4 bytes to prevent openssl from prompting for a passphrase, even if one wasn't required. This was fixed in ruby/openssl 2.0.5, which was first included in ruby 2.5.0[1], so we can drop our workaround. [1] ruby/ruby@df94c66
diff --git a/lib/puppet/x509/cert_provider.rb b/lib/puppet/x509/cert_provider.rb
@@ -207,10 +207,7 @@ def load_private_key(name, required: false, password: nil)
   # @api private
   def load_private_key_from_pem(pem, password: nil)
     # set a non-nil password to ensure openssl doesn't prompt
-    # but ruby 2.4.0 & 2.4.1 require at least 4 bytes due to
-    # https://github.com/ruby/openssl/commit/f38501249f33bff7ca9d208670b8cde695ea8b7b
-    # and corrected in https://github.com/ruby/openssl/commit/a896c3d1dfa090e92dec1abf8ac12843af6af721
-    password ||= '    '
+    password ||= ''
 
     # Can't use OpenSSL::PKey.read, because it's broken in MRI 2.3, doesn't exist
     # in JRuby 9.1, and is broken in JRuby 9.2
