(PUP-11428) Print default puppet and system ssl contexts at debug

joshcooper · joshcooper · commit 9f80fd7d7254 · 2022-04-05T09:56:50.000-07:00
Print ssl context state at debug any time one is loaded or created while making
an HTTPS connection. Previously this only happened when running the SSL state
machine.
diff --git a/lib/puppet/http/client.rb b/lib/puppet/http/client.rb
@@ -25,7 +25,7 @@ class Puppet::HTTP::Client
   #   used if :include_system_store is set to true
   # @param [Integer] redirect_limit default number of HTTP redirections to allow
   #   in a given request. Can also be specified per-request.
-  # @param [Integer] retry_limit number of HTTP reties allowed in a given
+  # @param [Integer] retry_limit number of HTTP retries allowed in a given
   #   request
   #
   def initialize(pool: Puppet::Network::HTTP::Pool.new(Puppet[:http_keepalive_timeout]), ssl_context: nil, system_ssl_context: nil, redirect_limit: 10, retry_limit: 100)
@@ -281,7 +281,9 @@ def default_ssl_context
     password = cert.load_private_key_password
 
     ssl = Puppet::SSL::SSLProvider.new
-    ssl.load_context(certname: Puppet[:certname], password: password)
+    ctx = ssl.load_context(certname: Puppet[:certname], password: password)
+    ssl.print(ctx)
+    ctx
   rescue => e
     # TRANSLATORS: `message` is an already translated string of why SSL failed to initialize
     Puppet.log_exception(e, _("Failed to initialize SSL: %{message}") % { message: e.message })
@@ -425,6 +427,8 @@ def system_ssl_context
 
     ssl = Puppet::SSL::SSLProvider.new
     @default_system_ssl_context = ssl.create_system_context(cacerts: cacerts)
+    ssl.print(@default_system_ssl_context)
+    @default_system_ssl_context
   end
 
   def apply_auth(request, basic_auth)
