Backportable subset of: openssl_csr: deprecate version option (#63432) (#63674)

Cherry-picked from ba686154b9.
6 years ago · 02f45f45d7
parent 61c323b199
commit 02f45f45d7
2 changed files with 6 additions and 0 deletions
--- a/changelogs/fragments/63432-openssl_csr-version.yml
+++ b/changelogs/fragments/63432-openssl_csr-version.yml
@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_csr - a warning is issued if an unsupported value for ``version`` is used for the ``cryptography`` backend."
--- a/lib/ansible/modules/crypto/openssl_csr.py
+++ b/lib/ansible/modules/crypto/openssl_csr.py
@ -58,6 +58,8 @@ options:
    version:
        description:
            - The version of the certificate signing request.
+            - "The only allowed value according to L(RFC 2986,https://tools.ietf.org/html/rfc2986#section-4.1)
+               is 1."
        type: int
        default: 1
    force:
@ -755,6 +757,8 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
    def __init__(self, module):
        super(CertificateSigningRequestCryptography, self).__init__(module)
        self.cryptography_backend = cryptography.hazmat.backends.default_backend()
+        if self.version != 1:
+            module.warn('The cryptography backend only supports version 1. (The only valid value according to RFC 2986.)')

    def _generate_csr(self):
        csr = cryptography.x509.CertificateSigningRequestBuilder()