openssl_certificate: make subject-alt-name identifier conistent with openssl_csr (#30151)

(cherry picked from commit 1fe5171f1a)
7 years ago · 6a7206fc99
parent 69282e76fb
commit 6a7206fc99
1 changed files with 4 additions and 4 deletions
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@ -555,11 +555,11 @@ class AssertOnlyCertificate(Certificate):
                for extension_idx in range(0, self.cert.get_extension_count()):
                    extension = self.cert.get_extension(extension_idx)
                    if extension.get_short_name() == 'subjectAltName':
-                        l_subjectAltName = [altname.replace('IP', 'IP Address') for altname in self.subjectAltName]
-                        if (not self.subjectAltName_strict and not all(x in str(extension).split(', ') for x in l_subjectAltName)) or \
-                           (self.subjectAltName_strict and not set(l_subjectAltName) == set(str(extension).split(', '))):
+                        l_altnames = [altname.replace('IP Address', 'IP') for altname in str(extension).split(', ')]
+                        if (not self.subjectAltName_strict and not all(x in l_altnames for x in self.subjectAltName)) or \
+                           (self.subjectAltName_strict and not set(self.subjectAltName) == set(l_altnames)):
                            self.message.append(
-                                'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (str(extension).split(', '), l_subjectAltName)
+                                'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (l_altnames, self.subjectAltName)
                            )

        def _validate_notBefore():