Binary package hint: puppet
There is a bug in the default apache puppetmaster vhost that's included in the package.
# puppetd --server puppet.fqdn --waitforcert 60 --no-usecacheonfailure
err: Could not retrieve catalog from remote server: SSL_connect returned=1 errno=0 state=SSLv3 read server session ticket A: tlsv1 alert decrypt error
warning: Not using cache on failed catalog
err: Could not retrieve catalog; skipping run
#
This is easily fixed but it should be changed in the package too:
# mkdir /var/lib/puppet/ssl/ca/crl
# chown -R puppet:puppet /var/lib/puppet/ssl/ca/crl
# grep -i SSLCARevocation /etc/apache2/sites-enabled/puppetmaster
# default: SSLCARevocationFile /var/lib/puppet/ssl/ca/ca_crl.pem
SSLCARevocationPath /var/lib/puppet/ssl/ca/crl