Use :trusted_certs_dir from Chef::Config, only grab .crt and .pem files

3 files changed, 4 insertions, 4 deletions

diff --git a/lib/chef/knife/bootstrap/chef-full.erb b/lib/chef/knife/bootstrap/chef-full.erb
index 56c216dad0..a57d327173 100644
--- a/lib/chef/knife/bootstrap/chef-full.erb
+++ b/lib/chef/knife/bootstrap/chef-full.erb
@@ -52,7 +52,7 @@ chmod 0600 /etc/chef/encrypted_data_bag_secret
 
 <% if trusted_certs_dir -%>
 mkdir -p /etc/chef/trusted_certs
-<% Dir[File.join(trusted_certs_dir, "*")].each do |entry| %>
+<% Dir.glob(File.join(trusted_certs_dir, "*.{crt,pem}")).each do |entry| %>
 cat > <%= File.join("/etc/chef/trusted_certs", File.basename(entry)) %> <<'EOP'
 <%= IO.read(File.expand_path(entry)) %>
 EOP
diff --git a/lib/chef/knife/core/bootstrap_context.rb b/lib/chef/knife/core/bootstrap_context.rb
index 77881c7b66..43090f506a 100644
--- a/lib/chef/knife/core/bootstrap_context.rb
+++ b/lib/chef/knife/core/bootstrap_context.rb
@@ -54,8 +54,8 @@ class Chef
 
         def trusted_certs_dir
           # Check that the directory exists and is non empty
-          certs_dir = knife_config[:trusted_certs_dir].to_s # may convert nil to ""
-          if Dir.exist?(certs_dir) && !Dir[File.join(certs_dir, "*")].empty?
+          certs_dir = Chef::Config[:trusted_certs_dir].to_s # may convert nil to ""
+          if Dir.exist?(certs_dir) && !Dir[File.join(certs_dir, "*.{crt,pem}")].empty?
             certs_dir
           else
             nil
diff --git a/spec/unit/knife/bootstrap_spec.rb b/spec/unit/knife/bootstrap_spec.rb
index abd3e8abc4..3bfbfd2c48 100644
--- a/spec/unit/knife/bootstrap_spec.rb
+++ b/spec/unit/knife/bootstrap_spec.rb
@@ -364,7 +364,7 @@ describe Chef::Knife::Bootstrap do
     end
 
     before do
-      Chef::Config[:knife][:trusted_certs_dir] = trusted_certs_dir
+      Chef::Config[:trusted_certs_dir] = trusted_certs_dir
     end
 
     it "creates /etc/chef/trusted_certs" do