Commit Graph

10 Commits (193f69064fb40a83e3e7d2112ef24868b45233b3)

Author SHA1 Message Date
Felix Fontein cb5c57bcd5 openssl_csr: fix idempotency problems (#55142)
* Add test for generating a CSR with everything, and testing idempotency.

* Proper SAN normalization before comparison.

* Fix check in cryptography backend.

* Convert SANs to text. Update comments.

* Add changelog.
6 years ago
Felix Fontein 188903448a openssl_*: add backup option (#54294) 6 years ago
Felix Fontein 90c067e947 openssl_* modules: private key errors (#54088)
* Improve error handling, in particular with respect to private key loading problems.

* Add tests to validate that modules regenerate invalid input and don't crash.

* Don't crash when input is invalid.

* Create 'better' broken input.

* Fix paths.

* Simplifying pyOpenSSL error handling.
6 years ago
Felix Fontein caf7fd2245 openssl_*: improve passphrase handling for private keys in PyOpenSSL (#53489)
* Raise OpenSSLBadPassphraseError if passphrase is wrong.

* Improve handling of passphrase errors.

Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.

* Add changelog.

* Add tests.

* Adjustments for some versions of PyOpenSSL.

* Update lib/ansible/modules/crypto/openssl_certificate.py

Improve text.

Co-Authored-By: felixfontein <felix@fontein.de>
6 years ago
Felix Fontein b2e992cecd openssl_csr: improve subject validation (#53198)
* Improve subject field validation.

* Add country name idempotency test.

* Add failed country name test.

* Add changelog.
6 years ago
Felix Fontein 628326b879 openssl_csr: improve invalid SAN error messages (#53201)
* Improve invalid SAN error messages.

* Add changelog.
6 years ago
Felix Fontein 9b1cbcf3a4 openssl_csr: ignore empty strings in altnames (#51473)
* Ignore empty strings in altnames.

* Add changelog.

* Add idempotence check without SAN.

* Fix bug in cryptography backend.
6 years ago
Felix Fontein 345011e024 openssl_csr cryptography backend, try II (#50894)
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""

This reverts commit bbd2e31e9f.

* Remove more complicated selection copy'n'pasted from openssl_privatekey.

* Add tests for backend selection.

* Add openssl_csr test for arbitrary string commonName.

* Allow to disable commonName -> SAN copying (fixes #36690).
6 years ago
Felix Fontein bbd2e31e9f Revert "openssl_csr: Allow to use cryptography as backend (#50324)"
This reverts commit 409f8a15bd.
6 years ago
Felix Fontein 409f8a15bd openssl_csr: Allow to use cryptography as backend (#50324)
* Allow to use cryptography as backend for openssl_csr.

* Use different curve.

* Adding changelog.

Includes changelog fragment for #49416, which didn't include one.
6 years ago