openssl_pkcs12: Add idempotency checks (#54633)

* Added idempotency logic to openssl_pkcs12 Also decoupled the 'parse' and 'generate' function from the file write as they are now used in different places that do not need the file to be written to disk. * Added idempotency tests for openssl_pkcs12 Also adds a new test for pkcs12 files with multiple certificates * Regenerate if parsed file is invalid * pkcs12_other_certificates check was wrong * Updated ca_certificates to other_certificates ca_certificates is left as an alias to other_certificates; friendlyname depends on private key, so it will be ignored while checking for idempotency if the pkey is not set; idempotency check only checks for correct certs in the stack * use different keys for different certs * Added other_certificates in module docs * Added changelog and porting guide * removed unrelated porting guide entry * renamed ca_cert* occurrence with other_cert
2025-07-22 12:50:22 -07:00 · 2019-04-10 11:43:08 +01:00 · 2019-04-10 11:43:08 +01:00 · 0303ea2bfa
commit 0303ea2bfa
parent 0b5b353e37
5 changed files with 163 additions and 36 deletions
--- a/docs/docsite/rst/porting_guides/porting_guide_2.8.rst
+++ b/docs/docsite/rst/porting_guides/porting_guide_2.8.rst
@ -333,6 +333,8 @@ Noteworthy module changes
 * The ``win_dsc`` module will now validate the input options for a DSC resource. In previous versions invalid options
  would be ignored but are now not.

+* The ``openssl_pkcs12`` module will now regenerate the pkcs12 file if there are differences between the file on disk and the parameters passed to the module.
+
 Plugins
 =======