From 75c4e9ec05690f493ce5e14a74231864b9206fe0 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Sun, 29 Sep 2019 16:17:38 +0200
Subject: [PATCH] Fix _validate_csr_subject and _validate_csr_signature (#62790)
On python 3, if there is no explicit "return True", the function call will be seen as "False", thus failling the module
---
 .../fragments/62790-openssl_certificate_fix_assert.yml | 2 ++
 lib/ansible/modules/crypto/openssl_certificate.py | 6 ++----
 2 files changed, 4 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/62790-openssl_certificate_fix_assert.yml
diff --git a/changelogs/fragments/62790-openssl_certificate_fix_assert.yml b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
new file mode 100644
index 00000000000..fb692104527
--- /dev/null
+++ b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors."
diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index ad836512ddc..f3357e5e187 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -1861,12 +1861,10 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
 def _validate_csr_signature(self):
 if not self.csr.is_signature_valid:
 return False
- if self.csr.public_key().public_numbers() != self.cert.public_key().public_numbers():
- return False
+ return self.csr.public_key().public_numbers() == self.cert.public_key().public_numbers()
 def _validate_csr_subject(self):
- if self.csr.subject != self.cert.subject:
- return False
+ return self.csr.subject == self.cert.subject
 def _validate_csr_extensions(self):
 cert_exts = self.cert.extensions
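Review bot: The key-match check in `_validate_csr_signature` still relies on `public_numbers()`, which the `cryptography` key classes for Ed25519/Ed448 do not provide, so a CSR or certificate carrying such a key would raise `AttributeError` here instead of yielding a pass/fail result; whether the module accepts those key types is not visible in this hunk. Comparing the encoded keys avoids the per-type dependency, e.g. `self.csr.public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo) == self.cert.public_key().public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo)`, which needs the `serialization` names imported at file level. Both validators previously failed closed only because the implicit `None` is falsy, so a one-line docstring such as `"""Return True if the certificate's public key matches the CSR's, False otherwise."""` plus a test covering the matching and mismatching cases would pin the contract. The enclosing class starts before the hunk and `_validate_csr_extensions` continues past its end, so whether that method has the same fall-through cannot be checked from here.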