puppet 6.22.1-x86-mingw32 → 6.23.0-x86-mingw32

data/spec/fixtures/ssl/unknown-ca-key.pem

@@ -1,67 +1,117 @@
-RSA Private-Key: (1024 bit, 2 primes)
+RSA Private-Key: (2048 bit, 2 primes)
 modulus:
-    00:c1:5e:5d:26:ae:73:17:5a:70:37:ac:42:25:ca:
-    05:10:86:17:23:6c:28:84:48:2a:4a:d4:b0:3a:2a:
-    d8:33:ae:58:67:6f:9b:4f:a6:b4:87:b1:ec:37:00:
-    69:8d:d5:cf:71:8a:96:e1:4a:f8:c8:81:36:f9:43:
-    ad:d8:d6:76:83:27:99:a4:48:17:c2:ef:9c:22:40:
-    4b:c6:58:21:88:e5:1d:37:79:4e:ba:31:e6:52:ec:
-    8c:23:ed:d6:ce:3b:58:ad:82:c7:ae:28:47:d4:e7:
-    cc:31:ac:78:c9:02:87:d0:b1:91:09:f6:1e:9a:c3:
-    4f:f6:5a:fe:a2:21:0e:c0:95
+    00:ea:16:4c:26:71:56:ac:35:bb:2b:f6:1b:18:58:
+    16:0f:1c:39:3f:4d:02:e4:b2:a7:8b:bd:fe:99:57:
+    f2:a5:a8:15:01:79:0d:1d:f6:d9:12:db:d5:26:a2:
+    f6:58:af:4b:2c:aa:46:7a:53:63:9f:1f:1a:9e:1c:
+    fc:9a:8e:20:c8:c8:c8:db:4d:50:8d:4e:19:83:a1:
+    9d:54:49:26:7b:3a:e0:77:1d:7d:88:01:80:46:32:
+    70:47:16:08:71:de:12:94:67:fd:71:1f:41:56:93:
+    15:91:68:bd:05:3b:67:96:1f:7a:4d:d5:1e:b6:ac:
+    41:1f:f0:ce:d3:2d:96:d9:7c:ad:cd:be:b3:32:66:
+    18:03:2c:83:98:f1:e8:96:6f:85:0f:e1:1f:93:d0:
+    f9:09:43:8c:b1:ea:43:26:32:a5:c6:d2:32:75:2d:
+    ed:72:9d:bf:3a:bb:f3:4e:d0:0c:ac:ba:6b:fd:7f:
+    66:d8:12:40:4e:49:e7:d4:ec:70:03:71:37:cb:5e:
+    cc:d3:4f:f3:d2:cc:e2:39:eb:79:6c:71:e5:d1:0e:
+    45:4c:7a:3d:6f:39:e8:16:e7:de:60:eb:01:e7:80:
+    4e:42:1d:1c:33:0a:eb:f9:10:2c:5c:ed:0c:58:0b:
+    8c:fd:6d:f4:19:49:8a:a2:81:ab:04:b0:cb:7a:61:
+    1f:d3
 publicExponent: 65537 (0x10001)
 privateExponent:
-    60:5b:b7:ab:98:ee:fd:4a:31:f5:6c:3f:a2:39:23:
-    80:f2:71:01:53:da:74:e0:c9:42:74:ee:44:6e:29:
-    42:c7:b4:82:06:d9:ac:3d:74:64:d2:42:d5:bd:bc:
-    db:d3:1a:06:88:7b:5b:55:52:d8:07:9b:ef:66:cc:
-    70:eb:9e:2e:2b:7e:c1:34:84:9a:83:34:b2:70:c6:
-    59:72:60:a0:f4:f5:d9:f2:76:ae:bf:7d:23:35:ee:
-    ad:b1:2d:c1:fe:05:7d:5b:7f:2c:da:87:ec:6e:b0:
-    a3:08:c9:bd:e5:30:a4:c2:6e:6e:50:c0:5e:31:f6:
-    33:ef:86:57:64:45:b7:c1
+    00:b5:87:11:0a:86:bd:d5:d1:dd:12:1c:49:aa:b9:
+    34:72:07:4b:05:a1:ac:ea:b8:f8:60:cf:b7:8e:26:
+    bb:8e:67:27:d2:fa:92:87:78:13:a2:22:43:cb:30:
+    78:a5:11:5a:d4:8a:3f:19:41:6d:71:c9:e7:14:52:
+    1a:39:a8:9a:17:da:4c:98:73:fe:51:76:0d:27:1c:
+    bf:2a:cb:87:41:ec:c8:80:d6:a7:b0:3e:a9:c0:c6:
+    00:77:bf:c8:50:b5:0b:e7:76:34:fd:f2:64:f2:c4:
+    20:e7:a0:37:64:c5:4a:71:0a:7c:07:bb:8b:93:d1:
+    44:b7:86:40:7d:57:4f:31:db:98:22:21:d5:f3:b0:
+    57:4e:f6:c9:a4:08:43:3d:d8:ce:59:aa:a7:1f:da:
+    93:40:11:cf:8c:14:9d:f3:10:9f:cf:0a:d0:cf:2b:
+    b6:ea:e5:3c:92:9f:c2:6f:24:86:71:15:61:49:7b:
+    77:48:c1:d2:13:67:1a:f7:c0:89:3d:3d:87:cf:6e:
+    5c:e4:46:28:fe:33:89:3c:09:fc:50:3c:b7:a9:25:
+    3c:f2:a5:a0:e1:e0:9c:d1:4a:3e:11:5b:10:1a:33:
+    29:c7:ca:0b:ac:bf:c2:be:90:27:1f:ef:d7:d2:ca:
+    5f:37:b3:b3:b9:3a:35:87:be:ca:c3:f7:59:03:f7:
+    7e:f1
 prime1:
-    00:e1:d6:07:8c:c6:4d:90:fa:d6:40:9a:1f:e5:34:
-    50:16:72:9f:5b:83:c1:60:d5:73:39:c2:c6:ec:3a:
-    ed:24:fe:aa:5d:16:14:ba:85:a4:7d:5a:94:e8:63:
-    f9:dd:25:a8:2c:6b:ca:7c:43:c7:a9:92:ae:35:5c:
-    85:47:9e:51:e9
+    00:f7:83:23:4b:6f:82:af:b6:7a:0f:1f:1a:05:21:
+    d1:a1:84:d1:07:24:db:dd:64:9f:16:84:eb:c4:bf:
+    ec:cf:2f:69:92:21:b8:88:05:24:8c:bc:c1:db:d0:
+    38:53:bf:43:dc:5b:5e:42:7b:ad:de:d6:3a:04:9e:
+    a5:a7:f0:0b:2e:4e:2a:20:6f:95:7d:f0:be:ff:12:
+    c6:f4:d2:ca:39:e1:a5:c9:34:58:3b:3d:40:c1:88:
+    63:c3:cc:87:02:25:70:88:58:df:ec:b6:d6:0c:9e:
+    15:2d:57:e1:34:e9:2e:ac:51:cf:c4:83:dd:b6:11:
+    44:23:b8:95:50:6c:40:ae:ed
 prime2:
-    00:db:32:2e:59:ea:22:83:ce:d3:d5:7b:cb:b9:81:
-    b9:c2:4e:5b:08:ab:8f:66:21:34:55:61:50:57:02:
-    5e:d2:d9:09:8d:39:81:85:cd:4c:08:f3:b1:1a:b5:
-    b4:0c:3b:77:5e:c1:e0:95:f1:98:c6:f5:58:88:42:
-    50:b0:c3:41:cd
+    00:f2:1d:4d:7f:ee:9e:a5:0f:c9:73:a5:4d:fe:7c:
+    0a:94:8e:c6:77:c8:ec:53:e0:03:f5:65:42:39:40:
+    26:02:46:8f:05:3d:b9:ba:f2:29:8a:b4:3c:60:37:
+    85:ee:e0:ba:e2:35:69:be:84:95:53:f3:fd:b8:b9:
+    5b:51:76:10:2a:f8:b2:54:58:ab:e5:89:18:46:df:
+    08:c0:4f:57:56:cc:1c:f2:53:e6:b6:91:c0:bd:9c:
+    c6:a8:8c:bf:a0:d4:b6:86:37:50:f9:69:78:95:bd:
+    83:6f:5e:64:1a:b7:75:31:2c:a2:c5:c9:b7:b7:80:
+    c4:61:ac:fd:f7:c7:88:71:bf
 exponent1:
-    00:b2:c8:27:4d:f0:a6:f3:41:40:60:00:23:83:e5:
-    f8:08:ed:50:ee:b7:cd:5d:05:5d:a4:ba:67:94:17:
-    ca:28:e1:5a:a9:3a:93:ca:5d:86:2c:9e:8b:07:b6:
-    2d:d6:3e:bb:75:ff:17:5b:6c:a5:21:bf:37:1e:93:
-    52:07:b2:74:11
+    3c:63:9c:9a:ed:2c:1f:9f:10:0c:dc:73:c6:c8:c7:
+    92:f7:0a:e1:09:57:33:9f:37:49:91:48:cd:0a:5e:
+    c6:f6:34:75:d9:10:62:ef:8e:49:60:4c:94:4b:2b:
+    53:13:99:85:0c:2d:e5:5e:b3:bf:68:d9:63:03:2a:
+    3b:dd:4f:7d:0e:c9:2c:7c:cd:26:9b:34:9e:9b:80:
+    3b:7f:aa:a3:90:b0:98:74:d3:0a:31:19:b9:9e:83:
+    68:e4:60:14:5f:fa:22:ea:3c:48:4f:1b:ce:9c:4b:
+    62:72:cc:99:d2:42:f6:fc:47:0b:15:79:64:d0:b5:
+    a5:59:85:e4:c7:64:c8:c9
 exponent2:
-    63:f3:51:e7:76:38:1e:da:65:05:e7:d9:51:d1:b1:
-    9e:c4:94:06:34:14:c3:81:48:97:d6:34:08:38:f0:
-    7c:3c:b3:7a:4e:4a:9d:74:ab:c3:39:3b:fc:ed:f6:
-    17:cd:d5:f4:c3:7b:61:64:35:42:24:06:26:bb:f6:
-    87:63:c1:d1
+    00:d5:ba:32:58:d5:cf:6c:0c:94:9c:26:f7:c3:c7:
+    c2:1b:44:32:45:39:b4:0d:92:ba:4b:dd:38:69:8b:
+    8c:42:04:01:6a:f2:03:4b:d9:4b:fc:aa:80:85:bb:
+    5d:da:f2:bd:66:c5:19:f4:d9:db:6c:81:fd:9f:1c:
+    d9:54:fe:f0:e4:ce:27:b6:37:94:7f:0a:d7:c8:70:
+    48:ac:63:1d:c9:7c:63:ad:33:8d:7d:eb:0a:87:17:
+    a7:72:d0:d4:b4:e8:31:bc:27:86:ae:b5:81:82:46:
+    0a:89:bc:7c:87:ed:1d:61:ec:72:40:41:82:91:55:
+    f5:85:f8:0d:35:b7:09:66:c7
 coefficient:
-    00:8a:5b:12:c8:57:3c:1e:95:32:eb:5e:e3:92:50:
-    2c:7b:6a:02:a4:18:48:30:cc:23:9f:79:91:dd:56:
-    e8:ae:f7:93:47:ed:a6:26:35:6b:aa:7c:2c:f2:36:
-    01:33:f3:0f:df:50:c9:c8:0a:e7:6e:ec:ba:54:a0:
-    8d:0f:09:40:fd
+    3d:9b:b0:01:4b:43:c3:bf:50:86:d8:c8:52:d4:4d:
+    7a:05:40:2d:20:50:d4:4a:a9:33:a3:b8:d1:fc:6b:
+    eb:be:c9:df:44:f7:70:51:05:d8:58:d2:a0:d8:e0:
+    36:fc:56:43:25:0f:2a:b6:41:a2:25:99:01:8b:d5:
+    93:f4:d6:04:ae:4f:40:44:f6:f2:85:a8:9f:35:99:
+    63:9d:ef:f9:f5:3e:5d:07:3c:96:23:a6:26:8c:28:
+    d1:60:cd:13:18:3b:41:e9:30:31:83:50:73:91:ba:
+    5a:a3:69:d1:6e:a8:40:f2:72:df:e8:88:73:9c:a7:
+    ce:e7:9f:11:97:e5:04:6d
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDBXl0mrnMXWnA3rEIlygUQhhcjbCiESCpK1LA6Ktgzrlhnb5tP
-prSHsew3AGmN1c9xipbhSvjIgTb5Q63Y1naDJ5mkSBfC75wiQEvGWCGI5R03eU66
-MeZS7Iwj7dbOO1itgseuKEfU58wxrHjJAofQsZEJ9h6aw0/2Wv6iIQ7AlQIDAQAB
-AoGAYFu3q5ju/Uox9Ww/ojkjgPJxAVPadODJQnTuRG4pQse0ggbZrD10ZNJC1b28
-29MaBoh7W1VS2Aeb72bMcOueLit+wTSEmoM0snDGWXJgoPT12fJ2rr99IzXurbEt
-wf4FfVt/LNqH7G6wowjJveUwpMJublDAXjH2M++GV2RFt8ECQQDh1geMxk2Q+tZA
-mh/lNFAWcp9bg8Fg1XM5wsbsOu0k/qpdFhS6haR9WpToY/ndJagsa8p8Q8epkq41
-XIVHnlHpAkEA2zIuWeoig87T1XvLuYG5wk5bCKuPZiE0VWFQVwJe0tkJjTmBhc1M
-CPOxGrW0DDt3XsHglfGYxvVYiEJQsMNBzQJBALLIJ03wpvNBQGAAI4Pl+AjtUO63
-zV0FXaS6Z5QXyijhWqk6k8pdhiyeiwe2LdY+u3X/F1tspSG/Nx6TUgeydBECQGPz
-Ued2OB7aZQXn2VHRsZ7ElAY0FMOBSJfWNAg48Hw8s3pOSp10q8M5O/zt9hfN1fTD
-e2FkNUIkBia79odjwdECQQCKWxLIVzwelTLrXuOSUCx7agKkGEgwzCOfeZHdVuiu
-95NH7aYmNWuqfCzyNgEz8w/fUMnICudu7LpUoI0PCUD9
+MIIEpAIBAAKCAQEA6hZMJnFWrDW7K/YbGFgWDxw5P00C5LKni73+mVfypagVAXkN
+HfbZEtvVJqL2WK9LLKpGelNjnx8anhz8mo4gyMjI201QjU4Zg6GdVEkmezrgdx19
+iAGARjJwRxYIcd4SlGf9cR9BVpMVkWi9BTtnlh96TdUetqxBH/DO0y2W2Xytzb6z
+MmYYAyyDmPHolm+FD+Efk9D5CUOMsepDJjKlxtIydS3tcp2/OrvzTtAMrLpr/X9m
+2BJATknn1OxwA3E3y17M00/z0sziOet5bHHl0Q5FTHo9bznoFufeYOsB54BOQh0c
+Mwrr+RAsXO0MWAuM/W30GUmKooGrBLDLemEf0wIDAQABAoIBAQC1hxEKhr3V0d0S
+HEmquTRyB0sFoazquPhgz7eOJruOZyfS+pKHeBOiIkPLMHilEVrUij8ZQW1xyecU
+Uho5qJoX2kyYc/5Rdg0nHL8qy4dB7MiA1qewPqnAxgB3v8hQtQvndjT98mTyxCDn
+oDdkxUpxCnwHu4uT0US3hkB9V08x25giIdXzsFdO9smkCEM92M5Zqqcf2pNAEc+M
+FJ3zEJ/PCtDPK7bq5TySn8JvJIZxFWFJe3dIwdITZxr3wIk9PYfPblzkRij+M4k8
+CfxQPLepJTzypaDh4JzRSj4RWxAaMynHygusv8K+kCcf79fSyl83s7O5OjWHvsrD
+91kD937xAoGBAPeDI0tvgq+2eg8fGgUh0aGE0Qck291knxaE68S/7M8vaZIhuIgF
+JIy8wdvQOFO/Q9xbXkJ7rd7WOgSepafwCy5OKiBvlX3wvv8SxvTSyjnhpck0WDs9
+QMGIY8PMhwIlcIhY3+y21gyeFS1X4TTpLqxRz8SD3bYRRCO4lVBsQK7tAoGBAPId
+TX/unqUPyXOlTf58CpSOxnfI7FPgA/VlQjlAJgJGjwU9ubryKYq0PGA3he7guuI1
+ab6ElVPz/bi5W1F2ECr4slRYq+WJGEbfCMBPV1bMHPJT5raRwL2cxqiMv6DUtoY3
+UPlpeJW9g29eZBq3dTEsosXJt7eAxGGs/ffHiHG/AoGAPGOcmu0sH58QDNxzxsjH
+kvcK4QlXM583SZFIzQpexvY0ddkQYu+OSWBMlEsrUxOZhQwt5V6zv2jZYwMqO91P
+fQ7JLHzNJps0npuAO3+qo5CwmHTTCjEZuZ6DaORgFF/6Iuo8SE8bzpxLYnLMmdJC
+9vxHCxV5ZNC1pVmF5MdkyMkCgYEA1boyWNXPbAyUnCb3w8fCG0QyRTm0DZK6S904
+aYuMQgQBavIDS9lL/KqAhbtd2vK9ZsUZ9NnbbIH9nxzZVP7w5M4ntjeUfwrXyHBI
+rGMdyXxjrTONfesKhxenctDUtOgxvCeGrrWBgkYKibx8h+0dYexyQEGCkVX1hfgN
+NbcJZscCgYA9m7ABS0PDv1CG2MhS1E16BUAtIFDUSqkzo7jR/GvrvsnfRPdwUQXY
+WNKg2OA2/FZDJQ8qtkGiJZkBi9WT9NYErk9ARPbyhaifNZljne/59T5dBzyWI6Ym
+jCjRYM0TGDtB6TAxg1Bzkbpao2nRbqhA8nLf6IhznKfO558Rl+UEbQ==
 -----END RSA PRIVATE KEY-----

data/spec/fixtures/ssl/unknown-ca.pem

@@ -6,21 +6,30 @@ Certificate:
         Issuer: CN=Unknown CA
         Validity
             Not Before: Jan  1 00:00:00 1970 GMT
-            Not After : Mar 10 06:54:16 2030 GMT
+            Not After : Apr 18 18:46:23 2031 GMT
         Subject: CN=Unknown CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (1024 bit)
+                RSA Public-Key: (2048 bit)
                 Modulus:
-                    00:c1:5e:5d:26:ae:73:17:5a:70:37:ac:42:25:ca:
-                    05:10:86:17:23:6c:28:84:48:2a:4a:d4:b0:3a:2a:
-                    d8:33:ae:58:67:6f:9b:4f:a6:b4:87:b1:ec:37:00:
-                    69:8d:d5:cf:71:8a:96:e1:4a:f8:c8:81:36:f9:43:
-                    ad:d8:d6:76:83:27:99:a4:48:17:c2:ef:9c:22:40:
-                    4b:c6:58:21:88:e5:1d:37:79:4e:ba:31:e6:52:ec:
-                    8c:23:ed:d6:ce:3b:58:ad:82:c7:ae:28:47:d4:e7:
-                    cc:31:ac:78:c9:02:87:d0:b1:91:09:f6:1e:9a:c3:
-                    4f:f6:5a:fe:a2:21:0e:c0:95
+                    00:ea:16:4c:26:71:56:ac:35:bb:2b:f6:1b:18:58:
+                    16:0f:1c:39:3f:4d:02:e4:b2:a7:8b:bd:fe:99:57:
+                    f2:a5:a8:15:01:79:0d:1d:f6:d9:12:db:d5:26:a2:
+                    f6:58:af:4b:2c:aa:46:7a:53:63:9f:1f:1a:9e:1c:
+                    fc:9a:8e:20:c8:c8:c8:db:4d:50:8d:4e:19:83:a1:
+                    9d:54:49:26:7b:3a:e0:77:1d:7d:88:01:80:46:32:
+                    70:47:16:08:71:de:12:94:67:fd:71:1f:41:56:93:
+                    15:91:68:bd:05:3b:67:96:1f:7a:4d:d5:1e:b6:ac:
+                    41:1f:f0:ce:d3:2d:96:d9:7c:ad:cd:be:b3:32:66:
+                    18:03:2c:83:98:f1:e8:96:6f:85:0f:e1:1f:93:d0:
+                    f9:09:43:8c:b1:ea:43:26:32:a5:c6:d2:32:75:2d:
+                    ed:72:9d:bf:3a:bb:f3:4e:d0:0c:ac:ba:6b:fd:7f:
+                    66:d8:12:40:4e:49:e7:d4:ec:70:03:71:37:cb:5e:
+                    cc:d3:4f:f3:d2:cc:e2:39:eb:79:6c:71:e5:d1:0e:
+                    45:4c:7a:3d:6f:39:e8:16:e7:de:60:eb:01:e7:80:
+                    4e:42:1d:1c:33:0a:eb:f9:10:2c:5c:ed:0c:58:0b:
+                    8c:fd:6d:f4:19:49:8a:a2:81:ab:04:b0:cb:7a:61:
+                    1f:d3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -28,32 +37,45 @@ Certificate:
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
             X509v3 Subject Key Identifier: 
-                E9:58:70:FE:F1:C1:AA:5A:70:7A:C1:02:11:1D:9A:F4:60:4F:70:76
+                16:C5:98:B8:84:0B:0A:43:CB:5A:D2:E0:55:C0:64:AB:89:F8:50:FD
             Netscape Comment: 
                 Puppet Server Internal Certificate
             X509v3 Authority Key Identifier: 
-                keyid:E9:58:70:FE:F1:C1:AA:5A:70:7A:C1:02:11:1D:9A:F4:60:4F:70:76
+                keyid:16:C5:98:B8:84:0B:0A:43:CB:5A:D2:E0:55:C0:64:AB:89:F8:50:FD
 
     Signature Algorithm: sha256WithRSAEncryption
-         00:45:89:e8:68:a7:50:8c:92:84:3c:c4:e6:10:00:29:27:99:
-         c6:82:aa:aa:b5:0b:ef:97:58:bc:bb:e6:e7:93:7c:a7:ea:e5:
-         9a:61:1d:e3:4f:3f:f9:ac:c4:96:14:a5:1f:77:a6:01:dc:08:
-         15:9c:3f:66:29:92:80:49:e9:db:d9:22:fb:c3:86:bf:40:ab:
-         46:bf:c5:47:bb:c8:89:df:d4:ca:36:f5:08:c4:08:c6:0b:d6:
-         9e:8a:86:41:1e:7e:6f:a9:75:ef:8a:94:a9:fd:1a:9b:0f:55:
-         3a:55:e5:04:82:71:c3:47:78:62:8e:07:ed:dc:4e:ac:f9:33:
-         7b:27
+         7d:0b:a0:2e:d4:fb:6b:29:04:d6:86:4e:89:94:4c:b5:d4:f7:
+         79:5a:38:95:51:9a:80:03:82:93:c8:a7:4e:93:4a:4b:41:1a:
+         85:f3:46:57:e1:70:50:ad:bb:4e:b9:d6:0c:00:e5:9e:4c:f7:
+         26:3b:88:61:27:ad:fa:39:a7:36:e1:62:87:7a:dc:7d:f9:f6:
+         c1:ee:bc:db:f7:65:a1:b0:2a:06:ae:4b:cb:99:82:f5:8e:38:
+         51:ac:c9:92:33:b9:7b:50:8b:c6:72:36:d3:f2:73:7d:58:13:
+         00:21:4d:c6:70:9d:eb:70:58:bf:dc:34:94:7e:bc:ef:17:2d:
+         9d:00:bd:55:f9:48:11:c0:8f:88:ea:a8:7c:5d:fb:88:fd:8c:
+         b4:00:1d:61:a7:4b:2a:90:ef:96:c1:28:2a:a0:95:ad:bb:b3:
+         af:3a:d5:93:1c:54:d7:c5:5b:26:a3:24:87:df:bd:68:74:fa:
+         e6:07:4e:13:b9:5f:54:19:ae:da:00:8c:ca:d6:ff:b7:94:6b:
+         4f:ff:71:ca:2b:7d:ee:7e:32:ff:03:3e:60:a4:30:d4:7d:9c:
+         ab:97:0e:f7:80:ee:69:c0:28:a8:ec:6b:89:05:38:64:34:e8:
+         b2:e9:f3:a1:85:e7:3d:e1:64:3c:86:e4:fd:44:4f:3b:2a:f8:
+         d2:b4:93:22
 -----BEGIN CERTIFICATE-----
-MIICODCCAaGgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
-b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMwMDMxMDA2NTQxNlowFTETMBEGA1UE
-AwwKVW5rbm93biBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAwV5dJq5z
-F1pwN6xCJcoFEIYXI2wohEgqStSwOirYM65YZ2+bT6a0h7HsNwBpjdXPcYqW4Ur4
-yIE2+UOt2NZ2gyeZpEgXwu+cIkBLxlghiOUdN3lOujHmUuyMI+3WzjtYrYLHrihH
-1OfMMax4yQKH0LGRCfYemsNP9lr+oiEOwJUCAwEAAaOBlzCBlDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU6Vhw/vHBqlpwesECER2a
-9GBPcHYwMQYJYIZIAYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2Vy
-dGlmaWNhdGUwHwYDVR0jBBgwFoAU6Vhw/vHBqlpwesECER2a9GBPcHYwDQYJKoZI
-hvcNAQELBQADgYEAAEWJ6GinUIyShDzE5hAAKSeZxoKqqrUL75dYvLvm55N8p+rl
-mmEd408/+azElhSlH3emAdwIFZw/ZimSgEnp29ki+8OGv0CrRr/FR7vIid/Uyjb1
-CMQIxgvWnoqGQR5+b6l174qUqf0amw9VOlXlBIJxw0d4Yo4H7dxOrPkzeyc=
+MIIDPTCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
+b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMxMDQxODE4NDYyM1owFTETMBEGA1UE
+AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOoW
+TCZxVqw1uyv2GxhYFg8cOT9NAuSyp4u9/plX8qWoFQF5DR322RLb1Sai9livSyyq
+RnpTY58fGp4c/JqOIMjIyNtNUI1OGYOhnVRJJns64HcdfYgBgEYycEcWCHHeEpRn
+/XEfQVaTFZFovQU7Z5Yfek3VHrasQR/wztMtltl8rc2+szJmGAMsg5jx6JZvhQ/h
+H5PQ+QlDjLHqQyYypcbSMnUt7XKdvzq7807QDKy6a/1/ZtgSQE5J59TscANxN8te
+zNNP89LM4jnreWxx5dEORUx6PW856Bbn3mDrAeeATkIdHDMK6/kQLFztDFgLjP1t
+9BlJiqKBqwSwy3phH9MCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQUFsWYuIQLCkPLWtLgVcBkq4n4UP0wMQYJYIZI
+AYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYD
+VR0jBBgwFoAUFsWYuIQLCkPLWtLgVcBkq4n4UP0wDQYJKoZIhvcNAQELBQADggEB
+AH0LoC7U+2spBNaGTomUTLXU93laOJVRmoADgpPIp06TSktBGoXzRlfhcFCtu065
+1gwA5Z5M9yY7iGEnrfo5pzbhYod63H359sHuvNv3ZaGwKgauS8uZgvWOOFGsyZIz
+uXtQi8ZyNtPyc31YEwAhTcZwnetwWL/cNJR+vO8XLZ0AvVX5SBHAj4jqqHxd+4j9
+jLQAHWGnSyqQ75bBKCqgla27s6861ZMcVNfFWyajJIffvWh0+uYHThO5X1QZrtoA
+jMrW/7eUa0//ccorfe5+Mv8DPmCkMNR9nKuXDveA7mnAKKjsa4kFOGQ06LLp86GF
+5z3hZDyG5P1ETzsq+NK0kyI=
 -----END CERTIFICATE-----

data/spec/integration/application/resource_spec.rb

@@ -0,0 +1,30 @@
+require 'spec_helper'
+require 'puppet_spec/files'
+
+describe "puppet resource", unless: Puppet::Util::Platform.jruby? do
+  include PuppetSpec::Files
+
+  let(:resource) { Puppet::Application[:resource] }
+
+  describe "when handling file and tidy types" do
+    let!(:dir) { dir_containing('testdir', 'testfile' => 'contents') }
+
+    it 'does not raise when generating file resources' do
+      resource.command_line.args = ['file', dir, 'ensure=directory', 'recurse=true']
+
+      expect {
+        resource.run
+      }.to output(/ensure.+=> 'directory'/).to_stdout
+    end
+
+    it 'correctly cleans up a given path' do
+      resource.command_line.args = ['tidy', dir, 'rmdirs=true', 'recurse=true']
+
+      expect {
+        resource.run
+      }.to output(/Notice: \/File\[#{dir}\]\/ensure: removed/).to_stdout
+
+      expect(Puppet::FileSystem.exist?(dir)).to be false
+    end
+  end
+end

data/spec/lib/puppet/test_ca.rb

@@ -30,7 +30,7 @@ module Puppet
     end
 
     def create_request(name)
-      key = OpenSSL::PKey::RSA.new(1024)
+      key = OpenSSL::PKey::RSA.new(2048)
       csr = OpenSSL::X509::Request.new
       csr.public_key = key.public_key
       csr.subject = OpenSSL::X509::Name.new([["CN", name]])
@@ -127,7 +127,7 @@ module Puppet
       key = if opts[:key_type] == :ec
               key = OpenSSL::PKey::EC.generate('prime256v1')
             else
-              key = OpenSSL::PKey::RSA.new(1024)
+              key = OpenSSL::PKey::RSA.new(2048)
             end
       cert = OpenSSL::X509::Certificate.new
       cert.public_key = if key.is_a?(OpenSSL::PKey::EC)

data/spec/unit/application/agent_spec.rb

@@ -546,11 +546,16 @@ describe Puppet::Application::Agent do
         @puppetd.options[:digest] = :MD5
       end
 
+      def expected_fingerprint(name, x509)
+        digest = OpenSSL::Digest.new(name).hexdigest(x509.to_der)
+        digest.scan(/../).join(':').upcase
+      end
+
       it "should fingerprint the certificate if it exists" do
         cert = cert_fixture('signed.pem')
         allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(cert)
 
-        expect(@puppetd).to receive(:puts).with('(MD5) E2:BA:9A:EF:20:A8:7D:10:8D:82:9A:61:5D:FD:5B:33')
+        expect(@puppetd).to receive(:puts).with("(MD5) #{expected_fingerprint('md5', cert)}")
 
         @puppetd.fingerprint
       end
@@ -560,7 +565,7 @@ describe Puppet::Application::Agent do
         allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(nil)
         allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_request).and_return(request)
 
-        expect(@puppetd).to receive(:puts).with('(MD5) B8:4C:FB:31:AE:17:86:E3:AD:53:97:CA:F6:3C:4A:CB')
+        expect(@puppetd).to receive(:puts).with("(MD5) #{expected_fingerprint('md5', request)}")
 
         @puppetd.fingerprint
       end

data/spec/unit/configurer/downloader_spec.rb

@@ -81,6 +81,12 @@ describe Puppet::Configurer::Downloader do
       expect(file[:source_permissions]).to eq(:ignore)
     end
 
+    it "should ignore the max file limit" do
+      file = generate_file_resource
+
+      expect(file[:max_files]).to eq(-1)
+    end
+
     describe "on POSIX", :if => Puppet.features.posix? do
       it "should allow source_permissions to be overridden" do
         file = generate_file_resource(:source_permissions => :use)

data/spec/unit/configurer_spec.rb

@@ -1072,6 +1072,29 @@ describe Puppet::Configurer do
       }.to raise_error(Puppet::Error, /Could not select a functional puppet server from server_list: 'myserver:123,someotherservername'/)
     end
 
+    it "should warn when servers in 'server_list' are unreachable" do
+      Puppet.settings[:server_list] = "mybadserver1:123,mybadserver2:123,mygoodserver"
+      Puppet[:usecacheonfailure] = false
+
+      stub_request(:get, 'https://mybadserver1:123/status/v1/simple/master').and_raise(Puppet::HTTP::HTTPError)
+      stub_request(:get, 'https://mybadserver2:123/status/v1/simple/master').and_raise(Puppet::HTTP::HTTPError)
+      stub_request(:get, 'https://mygoodserver:8140/status/v1/simple/master').to_return(status: 200)
+      
+      expect(Puppet).to receive(:warning).with(/^Unable to connect to server from server_list setting:.*Trying with next server from server_list.$/).twice
+      configurer.run
+    end
+
+    it "should warn when servers in 'server_list' respond with error" do
+      Puppet.settings[:server_list] = "mybadserver:123,someotherservername"
+      Puppet[:usecacheonfailure] = false
+
+      stub_request(:get, 'https://mybadserver:123/status/v1/simple/master').to_return(status: 400)
+      stub_request(:get, 'https://someotherservername:8140/status/v1/simple/master').to_return(status: 200)
+
+      expect(Puppet).to receive(:warning).with(/^Puppet server mybadserver:123 is unavailable: 400  Trying with next server from server_list.$/)
+      configurer.run
+    end
+
     it "should not error when usecacheonfailure is true and no servers in 'server_list' are reachable" do
       Puppet.settings[:server_list] = "myserver:123,someotherservername"
       Puppet[:usecacheonfailure] = true

data/spec/unit/file_serving/fileset_spec.rb

@@ -46,6 +46,13 @@ describe Puppet::FileServing::Fileset do
       expect(set.recurselimit).to eq(3)
     end
 
+    it "accepts a 'max_files' option" do
+      expect(Puppet::FileSystem).to receive(:lstat).with(somefile).and_return(double('stat'))
+      set = Puppet::FileServing::Fileset.new(somefile, :recurselimit => 3, :max_files => 100)
+      expect(set.recurselimit).to eq(3)
+      expect(set.max_files).to eq(100)
+    end
+
     it "accepts an 'ignore' option" do
       expect(Puppet::FileSystem).to receive(:lstat).with(somefile).and_return(double('stat'))
       set = Puppet::FileServing::Fileset.new(somefile, :ignore => ".svn")
@@ -160,6 +167,29 @@ describe Puppet::FileServing::Fileset do
       end
     end
 
+    def mock_big_dir_structure(path, stat_method = :lstat)
+      allow(Puppet::FileSystem).to receive(stat_method).with(path).and_return(@dirstat)
+
+      # Keep track of the files we're stubbing.
+      @files = %w{.}
+
+      top_names = (1..10).map {|i| "dir_#{i}" }
+      sub_names = (1..100).map {|i| "file__#{i}" }
+
+      allow(Dir).to receive(:entries).with(path, encoding: Encoding::UTF_8).and_return(top_names)
+      top_names.each do |subdir|
+        @files << subdir # relative path
+        subpath = File.join(path, subdir)
+        allow(Puppet::FileSystem).to receive(stat_method).with(subpath).and_return(@dirstat)
+        allow(Dir).to receive(:entries).with(subpath, encoding: Encoding::UTF_8).and_return(sub_names)
+        sub_names.each do |file|
+          @files << File.join(subdir, file) # relative path
+          subfile_path = File.join(subpath, file)
+          allow(Puppet::FileSystem).to receive(stat_method).with(subfile_path).and_return(@filestat)
+        end
+      end
+    end
+
     def setup_mocks_for_dir(mock_dir, base_path)
       path = File.join(base_path, mock_dir.name)
       allow(Puppet::FileSystem).to receive(:lstat).with(path).and_return(MockStat.new(path, true))
@@ -258,6 +288,36 @@ describe Puppet::FileServing::Fileset do
       expect(@fileset.files.find { |file| file.include?("0") }).to be_nil
     end
 
+    it "raises exception if number of files is greater than :max_files" do
+      mock_dir_structure(@path)
+      @fileset.recurse = true
+      @fileset.max_files = 22
+      expect { @fileset.files }.to raise_error(Puppet::Error, "The directory '#{@path}' contains 28 entries, which exceeds the limit of 22 specified by the max_files parameter for this resource. The limit may be increased, but be aware that large number of file resources can result in excessive resource consumption and degraded performance. Consider using an alternate method to manage large directory trees")
+    end
+
+    it "logs a warning if number of files is greater than soft max_files limit of 1000" do
+      mock_big_dir_structure(@path)
+      @fileset.recurse = true
+      expect(Puppet).to receive(:warning).with("The directory '#{@path}' contains 1010 entries, which exceeds the default soft limit 1000 and may cause excessive resource consumption and degraded performance. To remove this warning set a value for `max_files` parameter or consider using an alternate method to manage large directory trees")
+      expect { @fileset.files }.to_not raise_error
+    end
+
+    it "does not emit a warning if max_files is -1" do
+      mock_big_dir_structure(@path)
+      @fileset.recurse = true
+      @fileset.max_files = -1
+      expect(Puppet).to receive(:warning).never
+      @fileset.files
+    end
+
+    it "does not emit a warning if max_files is `-1`(string)" do
+      mock_big_dir_structure(@path)
+      @fileset.recurse = true
+      @fileset.max_files = '-1'
+      expect(Puppet).to receive(:warning).never
+      @fileset.files
+    end
+
     it "ignores files that match a pattern given as a boolean" do
       mock_dir_structure(@path)
       @fileset.recurse = true

data/spec/unit/gettext/config_spec.rb

@@ -27,6 +27,18 @@ describe Puppet::GettextConfig do
     Puppet::GettextConfig.delete_all_text_domains
   end
 
+  # These tests assume gettext is enabled, but it will be disabled when the
+  # first time the `Puppet[:disable_i18n]` setting is resolved
+  around(:each) do |example|
+    disabled = Puppet::GettextConfig.instance_variable_get(:@gettext_disabled)
+    Puppet::GettextConfig.instance_variable_set(:@gettext_disabled, false)
+    begin
+      example.run
+    ensure
+      Puppet::GettextConfig.instance_variable_set(:@gettext_disabled, disabled)
+    end
+  end
+
   describe 'setting and getting the locale' do
     it 'should return "en" when gettext is unavailable' do
       allow(Puppet::GettextConfig).to receive(:gettext_loaded?).and_return(false)