Commit Graph

8 Commits (a4dc6b78eb9f8959b0cceab2ad0d3a02750ddec9)

Author SHA1 Message Date
Felix Fontein c4748fd011 openssl_csr: improve subject validation (#53198)
* Improve subject field validation.

* Add country name idempotency test.

* Add failed country name test.

* Add changelog.

(cherry picked from commit b2e992cecd)
6 years ago
Felix Fontein 3eccd83891 openssl_csr: improve invalid SAN error messages (#53201)
* Improve invalid SAN error messages.

* Add changelog.

(cherry picked from commit 628326b879)
6 years ago
Felix Fontein 0093b69935 openssl_csr: ignore empty strings in altnames (#51473)
* Ignore empty strings in altnames.

* Add changelog.

* Add idempotence check without SAN.

* Fix bug in cryptography backend.

(cherry picked from commit 9b1cbcf3a4)
6 years ago
Felix Fontein 7ced444af8 openssl_csr: idempotency doesn't work correctly for keyUsage (#50361)
* Fix key usage idempotency bug.

* Extend tests.

* Add changelog.

(cherry picked from commit a5bf71ac6a)
6 years ago
Felix Fontein d1f19125a5 openssl_csr: added support for the OCSP Must Staple extension (#35082)
* Added support for the OCSP Must Staple extension.

* Trying to clean up magic constants a bit.
7 years ago
MarkusTeufelberger 9ea1b18ff7 Allow multiple values per key in name fields in openssl_certificate/csr (#30338)
* allow multiple values per key in name fields in openssl_certificate

* check correct side of comparison

* trigger only on lists

* add subject parameter to openssl_csr

* fix key: value mapping not skipping None elements

* temporary fix for undefined "subject" field

* fix iteration over subject entries

* fix docs

* quote sample string

* allow csr with only subject defined

* fix integration test

* look up NIDs before comparing, add hidden _strict params

* deal with empty issuer/subject fields

* adapt integration tests

* also normalize output from pyopenssl

* fix issue with _sanitize_inputs

* don't convert empty lists

* workaround for pyopenssl limitations

* properly encode the input to the txt2nid function

* another to_bytes fix

* make subject, commonname and subjecAltName completely optional

* don't compare hashes of keys in openssl_csr integration tests

* add integration test for old API in openssl_csr

* compare keys directly in certificate and publickey integration tests

* fix typo
7 years ago
Yanis Guenane 0648e339a7 openssl: remove static dict for keyUsage (#30339)
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specify a value
that isn't in there, idempotency won't work.

Instead of having static dict, we uses keyUsage and extendedKyeUsage
values OpenSSL NID and compare those rather than comparing strings.

Fixes: https://github.com/ansible/ansible/issues/30316
7 years ago
Yanis Guenane 8b22c45a45 Enable integration tests for the crypto/ namespace (#26684)
Crypto namespace contains the openssl modules. It has no integration
testing as of now.

This commits aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.

This tests currently apply to:

  * openssl_privatekey
  * openssl_publickey
  * openssl_csr
7 years ago