From d2a7249cde6fcfbfe0dba2f2639510625e0f848a Mon Sep 17 00:00:00 2001 From: clairecadman Date: Mon, 10 Aug 2020 09:25:51 +0100 Subject: [PATCH] Update source with support for https URIs --- source/puppet/latest/type.md | 15 ++++++++------- source/puppet/latest/types/file.md | 15 ++++++++------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/source/puppet/latest/type.md b/source/puppet/latest/type.md index 9c0445b869..dbf07af83d 100644 --- a/source/puppet/latest/type.md +++ b/source/puppet/latest/type.md @@ -1227,7 +1227,7 @@ mount points. * Fully qualified paths to locally available files (including files on NFS shares or Windows mapped drives). * `file:` URIs, which behave the same as local file paths. -* `http:` URIs, which point to files served by common web servers. +* `http(s):` URIs, which point to files served by common web servers. The normal form of a `puppet:` URI is: 
@@ -1243,16 +1243,17 @@ directories if the `recurse` attribute is set to `true` or `remote`. If a source directory contains symlinks, use the `links` attribute to specify whether to recreate links or follow them. -_HTTP_ URIs cannot be used to recursively synchronize whole directory +HTTP URIs cannot be used to recursively synchronize whole directory trees. You cannot use `source_permissions` values other than `ignore` because HTTP servers do not transfer any metadata that translates to ownership or permission details. -The `http` source uses the server `Content-MD5` header as a checksum to -determine if the remote file has changed. If the server response does not -include that header, Puppet defaults to using the `Last-Modified` header. -Puppet will update the local file if the header is newer than the modified -time (mtime) of the local file. +Puppet determines if file content is synchronized by computing a checksum for the local file and comparing it against the `checksum_value` parameter. If the `checksum_value` parameter is not specified for `puppet` and `file` sources, Puppet computes a checksum based on its `Puppet[:digest_algorithm]`. For `http(s)` sources, Puppet uses the +first HTTP header it recognizes out of the following list:`X-Checksum-Sha256`, `X-Checksum-Sha1`, `X-Checksum-Md5` or `Content-MD5`. If the server response does not include one of these headers, Puppet defaults to using the `Last-Modified` header. Puppet updates the localfile if the header is newer than the modified time (mtime) of the local file. + +HTTP URIs can include a user information component so that Puppet can retrieve file metadata and content from HTTP servers that require HTTP Basic authentication. For example `https://:@:/path/to/file.` + +When connecting to HTTPS servers, Puppet trusts CA certificates in the `puppet-agent` certificate bundle and the Puppet CA. You can configure Puppet to trust additional CA certificates using the `Puppet[:ssl_trust_store]` setting. 
Multiple `source` values can be specified as an array, and Puppet will use the first source that exists. This can be used to serve different diff --git a/source/puppet/latest/types/file.md b/source/puppet/latest/types/file.md index 9d041a1fae..fb0cb84e2d 100644 --- a/source/puppet/latest/types/file.md +++ b/source/puppet/latest/types/file.md @@ -649,7 +649,7 @@ mount points. * Fully qualified paths to locally available files (including files on NFS shares or Windows mapped drives). * `file:` URIs, which behave the same as local file paths. -* `http:` URIs, which point to files served by common web servers. +* `http(s):` URIs, which point to files served by common web servers. The normal form of a `puppet:` URI is: 
@@ -668,13 +668,14 @@ specify whether to recreate links or follow them. _HTTP_ URIs cannot be used to recursively synchronize whole directory trees. You cannot use `source_permissions` values other than `ignore` because HTTP servers do not transfer any metadata that translates to -ownership or permission details. +ownership or permission details. -The `http` source uses the server `Content-MD5` header as a checksum to -determine if the remote file has changed. If the server response does not -include that header, Puppet defaults to using the `Last-Modified` header. -Puppet will update the local file if the header is newer than the modified -time (mtime) of the local file. +Puppet determines if file content is synchronized by computing a checksum for the local file and comparing it against the `checksum_value` parameter. If the `checksum_value` parameter is not specified for `puppet` and `file` sources, Puppet computes a checksum based on its `Puppet[:digest_algorithm]`. For `http(s)` sources, Puppet uses the +first HTTP header it recognizes out of the following list:`X-Checksum-Sha256`, `X-Checksum-Sha1`, `X-Checksum-Md5` or `Content-MD5`. If the server response does not include one of these headers, Puppet defaults to using the `Last-Modified` header. Puppet updates the localfile if the header is newer than the modified time (mtime) of the local file. + +HTTP URIs can include a user information component so that Puppet can retrieve file metadata and content from HTTP servers that require HTTP Basic authentication. For example `https://:@:/path/to/file.` + +When connecting to HTTPS servers, Puppet trusts CA certificates in the `puppet-agent` certificate bundle and the Puppet CA. You can configure Puppet to trust additional CA certificates using the `Puppet[:ssl_trust_store]` setting. Multiple `source` values can be specified as an array, and Puppet will use the first source that exists. This can be used to serve different
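Review bot: In the `source/puppet/latest/type.md` hunk at `@@ -1227,7 +1227,7 @@` (and the identical bullet in `source/puppet/latest/types/file.md` at `@@ -649,7 +649,7 @@`), `http(s):` is shorthand rather than a scheme a reader can type, and the later paragraphs of this patch use two more spellings for the same thing ("HTTP URIs" and "`http(s)` sources"). Suggest writing the bullet as "`http:` and `https:` URIs" and settling on one term in the paragraphs that follow.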
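Review bot: The Basic authentication example added in the `source/puppet/latest/type.md` hunk at `@@ -1243,16 +1243,17 @@` reads `https://:@:/path/to/file.`, with nothing in the user, password, host or port positions, so it does not show the form it is meant to illustrate. If the placeholders were written in angle brackets they need escaping so they survive rendering, and the sentence's final period should sit outside the backticks. The sentence says "HTTP URIs" while the example is `https:`; it would help to state whether a user information component is also accepted on plain `http:` sources and to recommend `https:` when credentials are included. In the checksum paragraph of the same hunk, there is a missing space after `list:` and "localfile" should be "local file".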
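Review bot: The `source/puppet/latest/types/file.md` hunk at `@@ -668,13 +668,14 @@` leaves `_HTTP_` emphasized in its first context line while the `type.md` hunk changes it to plain `HTTP`, so the two copies of this text now differ; apply the same change here. The `-`/`+` pair on "ownership or permission details." appears to differ only in whitespace and can be dropped. The added checksum paragraph leaves open whether an explicit `checksum_value` takes precedence over the `X-Checksum-*` and `Content-MD5` headers for `http(s)` sources, and the clause "not specified for `puppet` and `file` sources" is easy to misread; one sentence on precedence would settle it, together with a remark that the `Last-Modified` fallback compares timestamps rather than content. The example URI `https://:@:/path/to/file.` in this hunk is missing its user, password, host and port placeholders, and "localfile" should be "local file".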