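---
# Verification tasks for generated Diffie-Hellman parameter files.
# Every registered result asserted on below (dhparam, dhparam_changed,
# dhparam_backup_N, output_broken, ...) and the .pem files under output_dir
# are produced by tasks that are not part of this file.
#
# NOTE(review): 512- and 768-bit groups are far too small for real key
# exchange (current guidance is 2048 bits or more); they are presumably used
# here only to keep test generation fast.

# No shell feature is needed here, so the command module is used with argv:
# the templated path is passed as a single argument and is never interpreted
# by a shell.
# NOTE(review): this task passes or fails purely on openssl's exit status;
# confirm the openssl builds under test exit non-zero when -check finds a
# problem, otherwise assert on the command output as well.
- name: "[{{ select_crypto_backend }}] Validate generated params"
  command:
    argv:
      - openssl
      - dhparam
      - '-in'
      - "{{ output_dir }}/{{ item }}.pem"
      - '-noout'
      - '-check'
  # Read-only inspection: never report a change.
  changed_when: false
  with_items:
    - dh768
    - dh512

# The sed expression prints only the number found inside "(N bit)" on the
# first line of openssl's text output. The path goes through the quote filter
# because this string is handed to a shell. Without pipefail the task's exit
# status is sed's, so an openssl failure shows up as empty stdout and is
# caught by the assert that follows.
- name: "[{{ select_crypto_backend }}] Get bit size of 768"
  shell: >-
    openssl dhparam -noout -in {{ (output_dir ~ '/dh768.pem') | quote }} -text
    | head -n1
    | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"
  changed_when: false
  register: bit_size_dhparam

- name: "[{{ select_crypto_backend }}] Check bit size of 768"
  assert:
    that:
      - bit_size_dhparam.stdout == "768"

# Same extraction as above, for the 512-bit file.
- name: "[{{ select_crypto_backend }}] Get bit size of 512"
  shell: >-
    openssl dhparam -noout -in {{ (output_dir ~ '/dh512.pem') | quote }} -text
    | head -n1
    | sed -ne "s@.*(\\([[:digit:]]\{1,\}\\) bit).*@\\1@p"
  changed_when: false
  register: bit_size_dhparam_512

# Previously named "Check bit size of default", identical to the 768 check,
# which made the two assertions indistinguishable in the run log.
- name: "[{{ select_crypto_backend }}] Check bit size of 512"
  assert:
    that:
      - bit_size_dhparam_512.stdout == "512"

# Change reporting: the two plain re-runs must report no change, while the
# size switch to 512 and the forced run must report one.
- name: "[{{ select_crypto_backend }}] Check if changed works correctly"
  assert:
    that:
      - dhparam_changed is not changed
      - dhparam_changed_512 is not changed
      - dhparam_changed_to_512 is changed
      - dhparam_changed_force is changed

# The returned dhparams value must equal the file content byte for byte
# (rstrip=False keeps trailing whitespace in the lookup) and must be the same
# on the unchanged re-run.
- name: "[{{ select_crypto_backend }}] Make sure correct values are returned"
  assert:
    that:
      - dhparam.dhparams == lookup('file', output_dir ~ '/dh768.pem', rstrip=False)
      - dhparam.dhparams == dhparam_changed.dhparams

- name: "[{{ select_crypto_backend }}] Verify that broken params will be regenerated"
  assert:
    that:
      - output_broken is changed

# backup_file must be a string for runs 3 and 4 and undefined for runs 1, 2
# and 5; run 4 must additionally return dhparams as none.
- name: "[{{ select_crypto_backend }}] Check backup"
  assert:
    that:
      - dhparam_backup_1 is changed
      - dhparam_backup_1.backup_file is undefined
      - dhparam_backup_2 is not changed
      - dhparam_backup_2.backup_file is undefined
      - dhparam_backup_3 is changed
      - dhparam_backup_3.backup_file is string
      - dhparam_backup_4 is changed
      - dhparam_backup_4.backup_file is string
      - dhparam_backup_5 is not changed
      - dhparam_backup_5.backup_file is undefined
      - dhparam_backup_4.dhparams is none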