puppet 8.1.0-universal-darwin → 8.2.0-universal-darwin

data/spec/fixtures/ssl/unknown-ca-key.pem

@@ -1,117 +1,117 @@
-RSA Private-Key: (2048 bit, 2 primes)
+Private-Key: (2048 bit, 2 primes)
 modulus:
-    00:b4:79:b0:16:e7:9b:22:20:17:4b:36:87:eb:38:
-    03:1f:df:88:00:1b:37:40:5e:1f:1d:89:1f:3e:f4:
-    fa:69:90:9c:d8:68:df:c8:71:07:07:4e:01:1d:f0:
-    a8:9a:67:94:af:47:f2:b8:60:f5:ca:fb:bb:ac:7c:
-    23:58:59:bc:95:b0:ad:b2:c7:a0:28:e1:4f:1e:c4:
-    ef:5f:2b:a3:4e:f2:6a:95:c8:4f:f5:af:bc:fa:36:
-    10:f9:a9:62:7a:04:d5:01:cd:9b:ba:97:32:4c:99:
-    e5:88:fc:05:84:34:f5:4a:f2:f1:ec:04:c7:c7:63:
-    28:eb:9e:ee:91:cd:95:8b:60:9e:5f:51:a1:2b:5a:
-    cd:02:b2:a7:52:6c:d1:8a:ab:b1:c4:52:cd:10:ce:
-    9e:56:24:6c:63:84:2c:15:6c:c0:62:ea:c2:d9:04:
-    88:e2:e2:0f:ff:ce:87:51:eb:77:50:83:33:1c:c7:
-    88:5b:08:d4:3a:22:2f:13:a6:89:f7:4b:a0:2e:30:
-    c1:12:7a:bb:37:1f:aa:87:56:44:2f:5a:63:4b:b2:
-    36:f6:29:5e:b8:67:52:6f:63:2a:ad:3d:c3:a5:45:
-    af:97:e9:85:9e:76:1e:51:9c:68:36:58:32:ad:cf:
-    3e:4d:f0:92:e2:ad:d6:f0:e1:5d:af:08:ca:2a:82:
-    0e:a3
+    00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
+    fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
+    29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
+    fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
+    30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
+    11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
+    e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
+    22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
+    4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
+    98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
+    4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
+    a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
+    a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
+    02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
+    fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
+    70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
+    11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
+    63:a3
 publicExponent: 65537 (0x10001)
 privateExponent:
-    00:9b:ce:8e:a2:47:93:5b:b3:be:c8:75:2c:84:7a:
-    97:df:f5:78:11:37:6d:cc:c9:35:2d:a7:8a:ed:2c:
-    4b:df:c5:34:53:74:be:f5:e9:f6:7a:6c:f2:73:e9:
-    a7:75:9d:c4:f4:4a:36:16:cd:c6:85:56:2c:a0:ed:
-    8f:0a:20:76:b9:f8:8d:0c:d2:60:c7:ca:34:27:49:
-    37:aa:bf:1e:be:f2:73:e8:19:c6:46:42:50:f0:e6:
-    aa:63:0f:c3:ef:b9:aa:37:63:4d:75:9a:40:97:77:
-    29:7d:c8:ad:ee:84:55:dc:3d:bf:73:d6:70:af:07:
-    41:75:a1:81:2f:29:00:59:11:3e:98:49:12:ec:e9:
-    9d:ca:ca:71:1e:bc:2f:9f:13:9c:5c:01:54:6d:69:
-    6b:85:6f:2a:2f:96:a5:38:37:e3:0c:7d:9f:6c:12:
-    a4:13:1b:bf:cb:35:16:88:a6:c6:47:6f:0b:61:22:
-    c2:de:00:7a:b1:70:f6:1e:01:99:70:87:1d:23:21:
-    0f:bf:41:59:16:75:40:8e:7c:50:73:bb:ce:17:7c:
-    07:ec:f2:83:12:95:4e:6a:ac:79:89:8f:32:58:61:
-    af:55:df:30:1d:3a:d1:f3:fa:ee:74:27:73:62:f8:
-    c4:e2:b2:e3:a5:64:e4:6b:4b:86:13:44:00:3d:51:
-    45:d9
+    12:00:67:61:98:69:a3:4d:eb:21:43:36:b5:31:f0:
+    4a:46:4d:8f:2b:63:39:ea:b0:28:82:0e:d6:aa:07:
+    9d:ca:5c:7b:f3:d1:8f:f5:48:7c:1e:d3:26:78:be:
+    cc:c8:a2:4d:d4:d5:99:13:f9:90:93:4d:22:7b:ad:
+    74:d4:60:82:07:62:c5:53:d4:7a:dc:5a:a6:17:e5:
+    b9:04:8b:6c:32:c2:e9:eb:0b:38:49:6e:70:f8:3d:
+    73:0e:6d:99:2a:77:4c:ae:0b:55:e6:6b:db:db:84:
+    db:6f:d5:88:8b:58:09:3f:ce:8e:3b:b9:d8:11:bf:
+    50:86:c7:b0:32:01:48:9f:a3:5d:c2:dc:9a:67:2f:
+    94:70:99:08:31:bf:a3:e3:89:de:e2:f1:8c:4d:73:
+    5c:68:ac:76:36:4f:0d:ce:e8:62:5a:32:44:7a:13:
+    fa:9a:46:2e:30:aa:66:10:43:81:5d:57:65:99:3c:
+    82:0c:65:83:44:36:6a:e1:0d:44:16:74:e1:c6:a8:
+    9a:3d:a5:fa:a2:7e:cb:a1:76:c0:21:e0:4c:ea:a2:
+    f2:d9:a7:53:a8:41:39:db:51:c7:5d:31:b2:04:86:
+    4b:7d:cf:11:10:16:b3:b1:22:37:29:c4:20:7e:b0:
+    0c:7b:ac:89:78:6b:ef:3b:98:29:c2:23:29:9f:4e:
+    89
 prime1:
-    00:da:9b:01:67:9b:20:66:3b:69:da:ce:9e:ac:fa:
-    03:84:8e:da:fb:04:8d:9b:f0:ff:c9:55:a4:26:c4:
-    b8:e3:1c:47:7d:fb:f5:2e:f6:50:22:75:63:ac:b7:
-    2d:f0:d5:75:0f:04:d5:e6:ee:75:9c:15:9f:e4:5c:
-    76:2c:0b:df:7f:9d:5f:16:3a:8a:82:36:6b:c9:fc:
-    49:e1:83:fe:cf:85:e1:fc:80:60:06:33:b2:e6:54:
-    6c:ba:29:6e:e4:3a:ee:d7:e6:0a:d6:bd:27:5d:40:
-    e0:89:97:89:2a:3e:cf:a5:ec:ae:5f:db:df:3e:e8:
-    c4:b0:9a:77:96:4d:a1:5e:5d
+    00:c0:6f:d4:87:c5:6a:30:aa:2a:5e:a1:f9:0c:0e:
+    c8:14:8e:56:8a:57:15:13:a9:10:31:a4:c9:62:21:
+    60:a0:98:a9:fa:82:8e:c6:c7:3a:1f:bb:2b:db:32:
+    e9:fc:9e:93:8e:d7:4c:1a:3a:87:11:76:a7:e9:7b:
+    1f:5c:2a:8f:22:d5:24:e1:5b:7d:fe:15:cd:af:43:
+    20:52:c8:2f:b1:a9:7c:11:5d:7a:61:71:d5:a8:e7:
+    22:66:4f:40:08:bf:75:b5:c4:7a:db:83:52:6c:88:
+    f9:27:6b:fd:8c:0d:05:f7:30:6f:0f:f7:7c:21:58:
+    aa:45:34:b1:73:12:63:45:af
 prime2:
-    00:d3:58:ea:f8:aa:9b:e0:95:aa:81:27:f4:1a:5e:
-    ae:60:bf:0f:37:be:b8:64:78:d4:ce:47:7e:21:82:
-    49:a7:f6:ff:15:62:1c:87:e8:c2:d5:d2:9b:d2:21:
-    87:36:36:66:bc:03:23:8f:5e:09:2b:4f:a2:8a:7f:
-    ea:c8:ea:fb:21:54:4a:ba:b8:14:74:59:50:fa:31:
-    cf:31:c3:22:32:4a:db:05:b6:3c:f5:9f:6b:cd:3c:
-    6b:1b:48:b0:b5:13:5d:c7:b6:13:4e:09:85:e2:db:
-    38:ac:ee:27:42:d8:49:47:9e:0c:59:95:97:e7:c2:
-    78:0a:65:c9:ee:29:e8:50:ff
+    00:df:89:89:3a:49:8a:0f:91:87:04:b4:aa:73:d6:
+    b7:03:60:20:60:2e:b8:c0:eb:c4:70:ef:19:d6:ce:
+    72:ae:4c:b6:bb:c4:45:20:e7:8d:1a:44:4a:e4:1a:
+    67:67:42:28:93:32:b7:f2:90:04:53:88:46:1b:8a:
+    79:b8:18:fb:11:92:a3:fc:7e:b0:75:29:99:ee:89:
+    d9:5d:4e:fa:09:e0:cf:9f:e4:23:bc:72:97:32:99:
+    fc:14:78:ca:bc:b5:73:08:f8:cc:9b:81:ea:ae:71:
+    5b:f7:b0:f8:1b:16:0a:28:4e:01:11:40:e1:68:10:
+    5c:26:84:74:a7:a3:a8:f2:4d
 exponent1:
-    50:f7:12:19:1e:72:6c:8a:da:d4:e8:ac:0a:62:fb:
-    04:90:a8:78:4a:22:6c:bc:60:f0:5f:e0:d1:5f:11:
-    1f:44:ad:11:f3:4c:c7:1d:01:67:11:d5:5d:f5:e6:
-    75:09:8a:36:8a:d2:f2:9a:25:43:2f:1b:2e:48:34:
-    98:71:b9:50:99:a7:cb:22:d9:84:0a:c5:f7:64:92:
-    b4:8c:df:c6:5a:ce:ed:67:5a:a9:51:62:94:3e:76:
-    9a:a8:97:e2:be:15:12:2f:a8:9a:0a:2a:d7:36:1d:
-    33:b8:c5:5b:b9:31:cd:41:90:ff:fd:fe:7c:5d:57:
-    e4:15:01:ef:d0:46:d1:1d
+    00:86:75:9d:2a:c0:e5:d1:db:14:7f:ca:ed:19:5f:
+    ba:ad:a2:47:15:a2:83:37:99:89:97:26:6d:10:04:
+    02:60:34:4b:90:9e:68:e4:bb:90:01:5b:e6:e8:e2:
+    4a:5c:18:f1:41:7d:6d:cf:65:d5:ba:7e:0e:15:35:
+    d2:53:b3:e9:0f:8d:9e:97:58:36:50:b3:2b:64:aa:
+    a2:8b:35:15:1e:2e:2e:62:73:ce:6f:07:fb:22:69:
+    5d:bf:de:df:ff:3c:c8:22:99:86:be:9a:a3:9c:f2:
+    98:24:d3:6f:f5:cb:a3:bf:74:38:26:0f:e6:cb:e6:
+    08:13:13:1e:6a:29:0e:f4:41
 exponent2:
-    00:91:f0:d9:b8:c2:df:06:b3:72:dc:e3:00:fd:e0:
-    99:9b:76:f3:84:33:ef:d2:79:59:c1:e3:be:66:57:
-    38:93:82:cc:dc:30:36:b1:66:fa:7b:7a:86:5d:11:
-    07:f4:58:96:92:87:bc:5b:78:bc:ee:2a:7c:7c:15:
-    1e:c4:84:f6:cb:2a:10:bc:64:f6:c2:ed:16:2c:de:
-    8e:4b:b7:8a:7a:9e:14:26:1a:94:77:ac:11:5d:d4:
-    b5:c5:4e:69:af:70:63:16:d0:54:fe:53:37:1f:d2:
-    ef:8d:02:9b:1b:de:8c:a3:a6:b0:b2:7f:c9:38:a1:
-    a2:10:d3:ff:1f:b5:d2:95:73
+    00:b3:dc:7a:6a:47:d9:aa:85:31:da:7b:73:db:19:
+    1c:d0:be:7b:ce:68:49:88:11:2c:52:a2:50:6c:22:
+    58:ec:1e:15:ba:27:46:68:1f:67:cd:86:bd:ab:a4:
+    03:27:76:78:27:58:5b:e1:f4:37:46:ef:13:59:fd:
+    a5:ca:97:6f:0c:c8:ac:e1:f1:1e:12:67:92:cf:f8:
+    62:c9:4d:4e:aa:bc:14:d3:56:41:da:d3:69:0c:f2:
+    11:7e:77:62:c9:4c:46:6f:25:a1:9c:4e:80:82:33:
+    fc:07:e4:80:fd:6a:52:69:f3:b9:b0:24:40:39:f7:
+    4f:ee:3e:0d:8f:05:84:5e:d1
 coefficient:
-    00:bb:0a:77:ec:98:3c:fe:92:2b:66:06:7a:2a:80:
-    a6:41:bb:d8:60:7e:fa:90:41:f3:4d:e4:4e:95:1e:
-    48:19:33:49:9a:24:09:6c:17:98:ce:72:09:ad:96:
-    43:3a:16:6c:16:cd:38:39:13:58:3e:dc:89:98:08:
-    38:d3:e5:d8:c1:34:8c:71:a9:88:a1:79:23:af:ad:
-    94:04:7a:ca:20:82:76:af:84:2a:43:c4:d6:96:b0:
-    c8:f7:e6:be:4c:e8:d8:7c:bb:79:7a:c8:d9:32:72:
-    81:63:9f:2c:45:33:e3:6a:6a:42:3d:d6:19:b4:0d:
-    0d:15:1b:44:67:47:ef:b6:2e
+    6d:a8:08:7a:ad:94:c8:0f:dc:07:57:71:1b:a7:3a:
+    4d:b9:a5:39:81:36:75:c3:ff:b5:ed:7c:6a:df:28:
+    f6:22:1e:33:a6:48:31:8f:dc:ba:03:72:e6:51:39:
+    d1:ce:c5:0a:7c:a3:dd:44:9b:1b:38:94:44:ce:1e:
+    c5:6b:f1:4d:c8:e8:6d:ed:ad:1e:8c:86:50:98:fb:
+    90:4a:25:d5:3d:2f:66:a7:b9:d6:5d:84:e7:77:25:
+    69:0b:89:4b:30:53:7c:74:01:72:37:91:31:2b:aa:
+    54:92:9e:41:18:a1:8c:0e:c6:74:c9:0b:1e:be:76:
+    06:54:29:52:c6:a1:26:01
 -----BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAtHmwFuebIiAXSzaH6zgDH9+IABs3QF4fHYkfPvT6aZCc2Gjf
-yHEHB04BHfCommeUr0fyuGD1yvu7rHwjWFm8lbCtssegKOFPHsTvXyujTvJqlchP
-9a+8+jYQ+aliegTVAc2bupcyTJnliPwFhDT1SvLx7ATHx2Mo657ukc2Vi2CeX1Gh
-K1rNArKnUmzRiquxxFLNEM6eViRsY4QsFWzAYurC2QSI4uIP/86HUet3UIMzHMeI
-WwjUOiIvE6aJ90ugLjDBEnq7Nx+qh1ZEL1pjS7I29ileuGdSb2MqrT3DpUWvl+mF
-nnYeUZxoNlgyrc8+TfCS4q3W8OFdrwjKKoIOowIDAQABAoIBAQCbzo6iR5Nbs77I
-dSyEepff9XgRN23MyTUtp4rtLEvfxTRTdL716fZ6bPJz6ad1ncT0SjYWzcaFViyg
-7Y8KIHa5+I0M0mDHyjQnSTeqvx6+8nPoGcZGQlDw5qpjD8Pvuao3Y011mkCXdyl9
-yK3uhFXcPb9z1nCvB0F1oYEvKQBZET6YSRLs6Z3KynEevC+fE5xcAVRtaWuFbyov
-lqU4N+MMfZ9sEqQTG7/LNRaIpsZHbwthIsLeAHqxcPYeAZlwhx0jIQ+/QVkWdUCO
-fFBzu84XfAfs8oMSlU5qrHmJjzJYYa9V3zAdOtHz+u50J3Ni+MTisuOlZORrS4YT
-RAA9UUXZAoGBANqbAWebIGY7adrOnqz6A4SO2vsEjZvw/8lVpCbEuOMcR3379S72
-UCJ1Y6y3LfDVdQ8E1ebudZwVn+RcdiwL33+dXxY6ioI2a8n8SeGD/s+F4fyAYAYz
-suZUbLopbuQ67tfmCta9J11A4ImXiSo+z6Xsrl/b3z7oxLCad5ZNoV5dAoGBANNY
-6viqm+CVqoEn9BpermC/Dze+uGR41M5HfiGCSaf2/xViHIfowtXSm9IhhzY2ZrwD
-I49eCStPoop/6sjq+yFUSrq4FHRZUPoxzzHDIjJK2wW2PPWfa808axtIsLUTXce2
-E04JheLbOKzuJ0LYSUeeDFmVl+fCeAplye4p6FD/AoGAUPcSGR5ybIra1OisCmL7
-BJCoeEoibLxg8F/g0V8RH0StEfNMxx0BZxHVXfXmdQmKNorS8polQy8bLkg0mHG5
-UJmnyyLZhArF92SStIzfxlrO7WdaqVFilD52mqiX4r4VEi+omgoq1zYdM7jFW7kx
-zUGQ//3+fF1X5BUB79BG0R0CgYEAkfDZuMLfBrNy3OMA/eCZm3bzhDPv0nlZweO+
-Zlc4k4LM3DA2sWb6e3qGXREH9FiWkoe8W3i87ip8fBUexIT2yyoQvGT2wu0WLN6O
-S7eKep4UJhqUd6wRXdS1xU5pr3BjFtBU/lM3H9LvjQKbG96Mo6awsn/JOKGiENP/
-H7XSlXMCgYEAuwp37Jg8/pIrZgZ6KoCmQbvYYH76kEHzTeROlR5IGTNJmiQJbBeY
-znIJrZZDOhZsFs04ORNYPtyJmAg40+XYwTSMcamIoXkjr62UBHrKIIJ2r4QqQ8TW
-lrDI9+a+TOjYfLt5esjZMnKBY58sRTPjampCPdYZtA0NFRtEZ0fvti4=
+MIIEpAIBAAKCAQEAqAjNIqr6oTgO2L4vV7b79eKbBHJJVhVxQh0SqI8pA2PhKh/s
+TWc9fV4npSH+Fjig9d5cduxxfWyuyoowXf45xUrQFBN2tYnYWHoRdlQ+TeO++fty
+gLwZBw/gU0Zb8UWM0lyv5A+rfbwiPHqxlX1qBEv60ugexDlLvdx+abqOqZalF+Su
+Tj6YrStVlaxtQEsgVVExmJ5O3rQ3MVvZOmzksQoZzl6o4imX3j3HUFT78o8qpFil
+UoILUshObF14EMZLBTYC5N+8lUpHt+jki21Gq/v7QWu7kMQbWn07LhktDZVw0hD5
+ehrujyDLjY2/I3UR3QKr4/2esQU7Yy6rh5NjowIDAQABAoIBABIAZ2GYaaNN6yFD
+NrUx8EpGTY8rYznqsCiCDtaqB53KXHvz0Y/1SHwe0yZ4vszIok3U1ZkT+ZCTTSJ7
+rXTUYIIHYsVT1HrcWqYX5bkEi2wywunrCzhJbnD4PXMObZkqd0yuC1Xma9vbhNtv
+1YiLWAk/zo47udgRv1CGx7AyAUifo13C3JpnL5RwmQgxv6Pjid7i8YxNc1xorHY2
+Tw3O6GJaMkR6E/qaRi4wqmYQQ4FdV2WZPIIMZYNENmrhDUQWdOHGqJo9pfqifsuh
+dsAh4EzqovLZp1OoQTnbUcddMbIEhkt9zxEQFrOxIjcpxCB+sAx7rIl4a+87mCnC
+IymfTokCgYEAwG/Uh8VqMKoqXqH5DA7IFI5WilcVE6kQMaTJYiFgoJip+oKOxsc6
+H7sr2zLp/J6TjtdMGjqHEXan6XsfXCqPItUk4Vt9/hXNr0MgUsgvsal8EV16YXHV
+qOciZk9ACL91tcR624NSbIj5J2v9jA0F9zBvD/d8IViqRTSxcxJjRa8CgYEA34mJ
+OkmKD5GHBLSqc9a3A2AgYC64wOvEcO8Z1s5yrky2u8RFIOeNGkRK5BpnZ0IokzK3
+8pAEU4hGG4p5uBj7EZKj/H6wdSmZ7onZXU76CeDPn+QjvHKXMpn8FHjKvLVzCPjM
+m4HqrnFb97D4GxYKKE4BEUDhaBBcJoR0p6Oo8k0CgYEAhnWdKsDl0dsUf8rtGV+6
+raJHFaKDN5mJlyZtEAQCYDRLkJ5o5LuQAVvm6OJKXBjxQX1tz2XVun4OFTXSU7Pp
+D42el1g2ULMrZKqiizUVHi4uYnPObwf7Imldv97f/zzIIpmGvpqjnPKYJNNv9cuj
+v3Q4Jg/my+YIExMeaikO9EECgYEAs9x6akfZqoUx2ntz2xkc0L57zmhJiBEsUqJQ
+bCJY7B4VuidGaB9nzYa9q6QDJ3Z4J1hb4fQ3Ru8TWf2lypdvDMis4fEeEmeSz/hi
+yU1OqrwU01ZB2tNpDPIRfndiyUxGbyWhnE6AgjP8B+SA/WpSafO5sCRAOfdP7j4N
+jwWEXtECgYBtqAh6rZTID9wHV3EbpzpNuaU5gTZ1w/+17Xxq3yj2Ih4zpkgxj9y6
+A3LmUTnRzsUKfKPdRJsbOJREzh7Fa/FNyOht7a0ejIZQmPuQSiXVPS9mp7nWXYTn
+dyVpC4lLMFN8dAFyN5ExK6pUkp5BGKGMDsZ0yQsevnYGVClSxqEmAQ==
 -----END RSA PRIVATE KEY-----

data/spec/fixtures/ssl/unknown-ca.pem

@@ -6,30 +6,30 @@ Certificate:
         Issuer: CN=Unknown CA
         Validity
             Not Before: Jan  1 00:00:00 1970 GMT
-            Not After : Jun 15 01:19:37 2031 GMT
+            Not After : Jun 24 21:18:00 2033 GMT
         Subject: CN=Unknown CA
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
-                RSA Public-Key: (2048 bit)
+                Public-Key: (2048 bit)
                 Modulus:
-                    00:b4:79:b0:16:e7:9b:22:20:17:4b:36:87:eb:38:
-                    03:1f:df:88:00:1b:37:40:5e:1f:1d:89:1f:3e:f4:
-                    fa:69:90:9c:d8:68:df:c8:71:07:07:4e:01:1d:f0:
-                    a8:9a:67:94:af:47:f2:b8:60:f5:ca:fb:bb:ac:7c:
-                    23:58:59:bc:95:b0:ad:b2:c7:a0:28:e1:4f:1e:c4:
-                    ef:5f:2b:a3:4e:f2:6a:95:c8:4f:f5:af:bc:fa:36:
-                    10:f9:a9:62:7a:04:d5:01:cd:9b:ba:97:32:4c:99:
-                    e5:88:fc:05:84:34:f5:4a:f2:f1:ec:04:c7:c7:63:
-                    28:eb:9e:ee:91:cd:95:8b:60:9e:5f:51:a1:2b:5a:
-                    cd:02:b2:a7:52:6c:d1:8a:ab:b1:c4:52:cd:10:ce:
-                    9e:56:24:6c:63:84:2c:15:6c:c0:62:ea:c2:d9:04:
-                    88:e2:e2:0f:ff:ce:87:51:eb:77:50:83:33:1c:c7:
-                    88:5b:08:d4:3a:22:2f:13:a6:89:f7:4b:a0:2e:30:
-                    c1:12:7a:bb:37:1f:aa:87:56:44:2f:5a:63:4b:b2:
-                    36:f6:29:5e:b8:67:52:6f:63:2a:ad:3d:c3:a5:45:
-                    af:97:e9:85:9e:76:1e:51:9c:68:36:58:32:ad:cf:
-                    3e:4d:f0:92:e2:ad:d6:f0:e1:5d:af:08:ca:2a:82:
-                    0e:a3
+                    00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
+                    fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
+                    29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
+                    fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
+                    30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
+                    11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
+                    e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
+                    22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
+                    4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
+                    98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
+                    4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
+                    a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
+                    a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
+                    02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
+                    fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
+                    70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
+                    11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
+                    63:a3
                 Exponent: 65537 (0x10001)
         X509v3 extensions:
             X509v3 Basic Constraints: critical
@@ -37,45 +37,45 @@ Certificate:
             X509v3 Key Usage: critical
                 Certificate Sign, CRL Sign
             X509v3 Subject Key Identifier: 
-                D0:CD:40:49:88:F6:74:BB:B4:D7:05:37:74:33:B1:C2:27:73:81:CB
+                EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
             Netscape Comment: 
                 Puppet Server Internal Certificate
             X509v3 Authority Key Identifier: 
-                keyid:D0:CD:40:49:88:F6:74:BB:B4:D7:05:37:74:33:B1:C2:27:73:81:CB
-
+                EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
     Signature Algorithm: sha256WithRSAEncryption
-         51:79:86:29:27:07:e5:fc:59:83:2d:15:ae:5f:c4:bc:0a:71:
-         2c:71:74:20:14:ce:47:8f:cf:79:03:76:bd:df:c9:e9:7f:12:
-         b2:4e:5a:c5:4f:e1:0b:c3:17:44:92:37:af:10:08:75:9a:d9:
-         c5:0d:66:e9:24:2b:ec:00:aa:de:2f:ce:df:04:fa:49:d9:bd:
-         bd:5e:7b:e4:e7:1e:9e:20:d3:85:70:b4:95:b5:1d:2e:fa:0c:
-         b4:47:5a:38:ec:b0:bd:7e:34:5f:4d:9d:1f:81:81:8a:6c:a6:
-         94:fb:f8:41:d6:a3:e4:64:3a:b7:12:4f:9e:4e:60:4a:12:a9:
-         d1:87:a5:a8:31:91:16:96:50:73:87:64:46:f1:f2:f9:99:80:
-         a2:89:e9:99:57:48:8a:56:08:d7:8d:a9:1d:69:7c:8f:73:e5:
-         53:2d:28:ee:70:d7:f8:fe:41:25:3e:4c:6c:de:31:3f:9e:7d:
-         c4:f0:67:e9:fc:a3:02:c7:39:19:f5:6f:59:6a:ca:bb:8c:c8:
-         e6:01:43:ad:95:67:3f:c0:d6:35:18:b1:6e:9f:e1:ce:c7:be:
-         35:f0:7b:65:e7:79:82:c3:b6:f7:48:28:98:d0:5c:3c:97:f3:
-         69:b3:5e:c3:a0:c5:82:02:6f:20:d0:1b:cd:43:b0:85:7e:4f:
-         71:b9:f3:8f
+    Signature Value:
+        5a:5d:26:6a:dc:aa:0e:66:c5:9c:b8:15:09:20:25:0a:46:be:
+        6b:b9:b4:6d:a9:74:e3:cd:a4:40:4a:dc:71:d2:fa:50:3c:b9:
+        6e:0d:4b:c8:b9:d3:26:06:1b:3a:d7:e5:02:fd:ec:ad:e2:4b:
+        ad:19:49:57:11:a3:4c:0e:67:5c:46:63:7a:aa:8f:ca:f0:f5:
+        5e:ad:bf:85:3d:1b:88:b8:a8:21:da:25:9c:27:96:70:60:83:
+        0e:de:09:c3:a8:20:5f:9a:47:47:70:c8:94:aa:a5:2b:2d:bc:
+        c3:74:ee:ff:63:88:95:84:83:fe:66:99:e8:90:c0:ed:3b:1d:
+        00:84:1a:29:43:15:53:9d:71:13:71:bf:5b:9a:7d:4e:e1:e2:
+        28:1e:38:55:92:f8:16:28:8d:9b:1e:9a:fb:a7:7a:6e:b7:66:
+        56:ed:b6:36:ef:f8:f6:21:c9:20:f3:f4:13:9e:a6:21:2e:2c:
+        ca:55:b0:2b:6d:2d:4a:58:f5:30:d8:70:eb:66:ac:ea:a8:64:
+        23:0d:e8:39:28:34:f5:16:22:f0:84:c1:2a:9b:89:55:8f:72:
+        c2:6c:f0:62:bf:39:04:2c:fc:c1:f5:40:ad:fc:b0:c9:0f:ae:
+        8d:f4:ce:1b:24:27:06:21:8e:9a:9a:56:40:d8:fe:b2:46:46:
+        44:61:43:7c
 -----BEGIN CERTIFICATE-----
 MIIDPTCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
-b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMxMDYxNTAxMTkzN1owFTETMBEGA1UE
-AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALR5
-sBbnmyIgF0s2h+s4Ax/fiAAbN0BeHx2JHz70+mmQnNho38hxBwdOAR3wqJpnlK9H
-8rhg9cr7u6x8I1hZvJWwrbLHoCjhTx7E718ro07yapXIT/WvvPo2EPmpYnoE1QHN
-m7qXMkyZ5Yj8BYQ09Ury8ewEx8djKOue7pHNlYtgnl9RoStazQKyp1Js0YqrscRS
-zRDOnlYkbGOELBVswGLqwtkEiOLiD//Oh1Hrd1CDMxzHiFsI1DoiLxOmifdLoC4w
-wRJ6uzcfqodWRC9aY0uyNvYpXrhnUm9jKq09w6VFr5fphZ52HlGcaDZYMq3PPk3w
-kuKt1vDhXa8IyiqCDqMCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
-DwEB/wQEAwIBBjAdBgNVHQ4EFgQU0M1ASYj2dLu01wU3dDOxwidzgcswMQYJYIZI
+b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMzMDYyNDIxMTgwMFowFTETMBEGA1UE
+AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgI
+zSKq+qE4Dti+L1e2+/XimwRySVYVcUIdEqiPKQNj4Sof7E1nPX1eJ6Uh/hY4oPXe
+XHbscX1srsqKMF3+OcVK0BQTdrWJ2Fh6EXZUPk3jvvn7coC8GQcP4FNGW/FFjNJc
+r+QPq328Ijx6sZV9agRL+tLoHsQ5S73cfmm6jqmWpRfkrk4+mK0rVZWsbUBLIFVR
+MZieTt60NzFb2Tps5LEKGc5eqOIpl949x1BU+/KPKqRYpVKCC1LITmxdeBDGSwU2
+AuTfvJVKR7fo5IttRqv7+0Fru5DEG1p9Oy4ZLQ2VcNIQ+Xoa7o8gy42NvyN1Ed0C
+q+P9nrEFO2Muq4eTY6MCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBBjAdBgNVHQ4EFgQU7IaaJF02Sygk3d91UtGDGTM3RukwMQYJYIZI
 AYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYD
-VR0jBBgwFoAU0M1ASYj2dLu01wU3dDOxwidzgcswDQYJKoZIhvcNAQELBQADggEB
-AFF5hiknB+X8WYMtFa5fxLwKcSxxdCAUzkePz3kDdr3fyel/ErJOWsVP4QvDF0SS
-N68QCHWa2cUNZukkK+wAqt4vzt8E+knZvb1ee+TnHp4g04VwtJW1HS76DLRHWjjs
-sL1+NF9NnR+BgYpsppT7+EHWo+RkOrcST55OYEoSqdGHpagxkRaWUHOHZEbx8vmZ
-gKKJ6ZlXSIpWCNeNqR1pfI9z5VMtKO5w1/j+QSU+TGzeMT+efcTwZ+n8owLHORn1
-b1lqyruMyOYBQ62VZz/A1jUYsW6f4c7HvjXwe2XneYLDtvdIKJjQXDyX82mzXsOg
-xYICbyDQG81DsIV+T3G5848=
+VR0jBBgwFoAU7IaaJF02Sygk3d91UtGDGTM3RukwDQYJKoZIhvcNAQELBQADggEB
+AFpdJmrcqg5mxZy4FQkgJQpGvmu5tG2pdOPNpEBK3HHS+lA8uW4NS8i50yYGGzrX
+5QL97K3iS60ZSVcRo0wOZ1xGY3qqj8rw9V6tv4U9G4i4qCHaJZwnlnBggw7eCcOo
+IF+aR0dwyJSqpSstvMN07v9jiJWEg/5mmeiQwO07HQCEGilDFVOdcRNxv1uafU7h
+4igeOFWS+BYojZsemvunem63Zlbttjbv+PYhySDz9BOepiEuLMpVsCttLUpY9TDY
+cOtmrOqoZCMN6DkoNPUWIvCEwSqbiVWPcsJs8GK/OQQs/MH1QK38sMkPro30zhsk
+JwYhjpqaVkDY/rJGRkRhQ3w=
 -----END CERTIFICATE-----

data/spec/integration/application/agent_spec.rb

@@ -15,6 +15,24 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
   let(:node) { Puppet::Node.new(Puppet[:certname], environment: 'production')}
   let(:formatter) { Puppet::Network::FormatHandler.format(:rich_data_json) }
 
+  # Create temp fixtures since the agent will attempt to refresh the CA/CRL
+  before do
+    Puppet[:localcacert] = ca = tmpfile('ca')
+    Puppet[:hostcrl] = crl = tmpfile('crl')
+
+    copy_fixtures(%w[ca.pem intermediate.pem], ca)
+    copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
+  end
+
+  def copy_fixtures(sources, dest)
+    ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
+    File.open(dest, 'w') do |f|
+      sources.each do |s|
+        f.write(File.read(File.join(ssldir, s)))
+      end
+    end
+  end
+
   context 'server_list' do
     it "uses the first server in the list" do
       Puppet[:server_list] = '127.0.0.1'
@@ -835,23 +853,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       end
     end
 
-    def copy_fixtures(sources, dest)
-      ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
-      File.open(dest, 'w') do |f|
-        sources.each do |s|
-          f.write(File.read(File.join(ssldir, s)))
-        end
-      end
-    end
-
     it "reloads the CRL between runs" do
-      Puppet[:localcacert] = ca = tmpfile('ca')
-      Puppet[:hostcrl] = crl = tmpfile('crl')
       Puppet[:hostcert] = cert = tmpfile('cert')
       Puppet[:hostprivkey] = key = tmpfile('key')
 
-      copy_fixtures(%w[ca.pem intermediate.pem], ca)
-      copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
       copy_fixtures(%w[127.0.0.1.pem], cert)
       copy_fixtures(%w[127.0.0.1-key.pem], key)
 
@@ -898,15 +903,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
     end
 
     it "refreshes the CA and CRL" do
-      Puppet[:localcacert] = ca = tmpfile('ca')
-      Puppet[:hostcrl] = crl = tmpfile('crl')
-      copy_fixtures(%w[ca.pem intermediate.pem], ca)
-      copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
-
       now = Time.now
       yesterday = now - (60 * 60 * 24)
-      Puppet::FileSystem.touch(ca, mtime: yesterday)
-      Puppet::FileSystem.touch(crl, mtime: yesterday)
+      Puppet::FileSystem.touch(Puppet[:localcacert], mtime: yesterday)
+      Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
 
       server.start_server do |port|
         Puppet[:serverport] = port
@@ -920,17 +920,17 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
       end
 
       # If the CA is updated, then the CRL must be updated too
-      expect(Puppet::FileSystem.stat(ca).mtime).to be >= now
-      expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
+      expect(Puppet::FileSystem.stat(Puppet[:localcacert]).mtime).to be >= now
+      expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
     end
 
     it "refreshes only the CRL" do
-      Puppet[:hostcrl] = crl = tmpfile('crl')
-      copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
-
       now = Time.now
+      tomorrow = now + (60 * 60 * 24)
+      Puppet::FileSystem.touch(Puppet[:localcacert], mtime: tomorrow)
+
       yesterday = now - (60 * 60 * 24)
-      Puppet::FileSystem.touch(crl, mtime: yesterday)
+      Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
 
       server.start_server do |port|
         Puppet[:serverport] = port
@@ -943,7 +943,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
          .and output(/Info: Refreshed CRL: /).to_stdout
       end
 
-      expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
+      expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
     end
   end
 

data/spec/integration/application/apply_spec.rb

@@ -763,5 +763,19 @@ class amod::bad_type {
         .and output(/Notify\[runs before file\]/).to_stdout
         .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
     end
+
+    it "applies deferred sensitive file content" do
+      manifest = <<~END
+      file { '#{deferred_file}':
+        ensure => file,
+        content => Deferred('new', [Sensitive, "hello\n"])
+      }
+      END
+      apply.command_line.args = ['-e', manifest]
+      expect {
+        apply.run
+      }.to exit_with(0)
+        .and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
+    end
   end
 end

data/spec/integration/http/client_spec.rb

@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
     end
   end
 
+  context 'ensure that retrying does not attempt to read the body after closing the connection' do
+    let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
+    it 'raises a retry error instead' do
+      response_proc = -> (req, res) {
+        res['Retry-After'] = 1
+        res.status = 503
+      }
+
+      https_server.start_server(response_proc: response_proc) do |port|
+        uri = URI("https://127.0.0.1:#{port}")
+        kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
+        expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
+      end
+    end
+  end
+
   context 'persistent connections' do
     it "detects when the server has closed the connection and reconnects" do
       Puppet[:http_debug] = true

data/spec/lib/puppet/test_ca.rb

@@ -131,20 +131,13 @@ module Puppet
     def build_cert(name, issuer, opts = {})
       key = if opts[:key_type] == :ec
               key = OpenSSL::PKey::EC.generate('prime256v1')
+            elsif opts[:reuse_key]
+              key = opts[:reuse_key]
             else
               key = OpenSSL::PKey::RSA.new(2048)
             end
       cert = OpenSSL::X509::Certificate.new
-      cert.public_key = if key.is_a?(OpenSSL::PKey::EC)
-                         # EC#public_key doesn't following the PKey API,
-                         # see https://github.com/ruby/openssl/issues/29
-                         point = key.public_key
-                         pubkey = OpenSSL::PKey::EC.new(point.group)
-                         pubkey.public_key = point
-                         pubkey
-                       else
-                         key.public_key
-                       end
+      cert.public_key = key
       cert.subject = OpenSSL::X509::Name.new([["CN", name]])
       cert.issuer = issuer
       cert.version = 2