Commit Graph

12 Commits (7bb05563343df1c8c7d2455ee551db8abcd85d18)

Author SHA1 Message Date
Felix Fontein fa70690e5c
openssl_certificate/csr(_info): add support for SubjectKeyIdentifier and AuthorityKeyIdentifier (#60741)
* Add support for SubjectKeyIdentifier and AuthorityKeyIdentifier to _info modules.

* Adding SubjectKeyIdentifier and AuthorityKeyIdentifier support to openssl_certificate and openssl_csr.

* Fix type of authority_cert_issuer.

* Add basic tests.

* Add changelog.

* Added proper tests for _info modules.

* Fix docs bug.

* Make sure new features are only used when cryptography backend for openssl_csr is available.

* Work around jinja2 being too old on some CI hosts.

* Add tests for openssl_csr.

* Add openssl_certificate tests.

* Fix idempotence test.

* Move one level up.

* Add ownca_create_authority_key_identifier option.

* Add ownca_create_authority_key_identifier option.

* Add idempotency check.

* Apparently the function call expected different args for cryptography < 2.7.

* Fix copy'n'paste errors and typos.

* string -> general name.

* Add disclaimer.

* Implement always_create / create_if_not_provided / never_create for openssl_certificate.

* Update changelog and porting guide.

* Add comments for defaults.
5 years ago
Felix Fontein 7a957ba64a openssl_certificate: fix passphrase handling for cryptography backend (#56155)
* Make sure passphrase is bytes string.

* Fix typo.

* Add more passphrase tests.

* Fix test names.

* Add changelog.
6 years ago
Felix Fontein cb5c57bcd5 openssl_csr: fix idempotency problems (#55142)
* Add test for generating a CSR with everything, and testing idempotency.

* Proper SAN normalization before comparison.

* Fix check in cryptography backend.

* Convert SANs to text. Update comments.

* Add changelog.
6 years ago
Felix Fontein 188903448a openssl_*: add backup option (#54294) 6 years ago
Felix Fontein 90c067e947 openssl_* modules: private key errors (#54088)
* Improve error handling, in particular with respect to private key loading problems.

* Add tests to validate that modules regenerate invalid input and don't crash.

* Don't crash when input is invalid.

* Create 'better' broken input.

* Fix paths.

* Simplifying pyOpenSSL error handling.
6 years ago
Felix Fontein caf7fd2245 openssl_*: improve passphrase handling for private keys in PyOpenSSL (#53489)
* Raise OpenSSLBadPassphraseError if passphrase is wrong.

* Improve handling of passphrase errors.

Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.

* Add changelog.

* Add tests.

* Adjustments for some versions of PyOpenSSL.

* Update lib/ansible/modules/crypto/openssl_certificate.py

Improve text.

Co-Authored-By: felixfontein <felix@fontein.de>
6 years ago
Felix Fontein b2e992cecd openssl_csr: improve subject validation (#53198)
* Improve subject field validation.

* Add country name idempotency test.

* Add failed country name test.

* Add changelog.
6 years ago
Felix Fontein 628326b879 openssl_csr: improve invalid SAN error messages (#53201)
* Improve invalid SAN error messages.

* Add changelog.
6 years ago
Felix Fontein 9b1cbcf3a4 openssl_csr: ignore empty strings in altnames (#51473)
* Ignore empty strings in altnames.

* Add changelog.

* Add idempotence check without SAN.

* Fix bug in cryptography backend.
6 years ago
Felix Fontein 345011e024 openssl_csr cryptography backend, try II (#50894)
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""

This reverts commit bbd2e31e9f.

* Remove more complicated selection copy'n'pasted from openssl_privatekey.

* Add tests for backend selection.

* Add openssl_csr test for arbitrary string commonName.

* Allow to disable commonName -> SAN copying (fixes #36690).
6 years ago
Felix Fontein bbd2e31e9f Revert "openssl_csr: Allow to use cryptography as backend (#50324)"
This reverts commit 409f8a15bd.
6 years ago
Felix Fontein 409f8a15bd openssl_csr: Allow to use cryptography as backend (#50324)
* Allow to use cryptography as backend for openssl_csr.

* Use different curve.

* Adding changelog.

Includes changelog fragment for #49416, which didn't include one.
6 years ago