mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-24 05:40:23 -07:00
Allow multiple values per key in name fields in openssl_certificate/csr (#30338)
* allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo
This commit is contained in:
parent
7dac82e2e2
commit
9ea1b18ff7
8 changed files with 141 additions and 63 deletions
|
@ -7,7 +7,8 @@
|
|||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
commonName: 'www.ansible.com'
|
||||
subject:
|
||||
commonName: www.ansible.com
|
||||
|
||||
# keyUsage longname and shortname should be able to be used
|
||||
# interchangeably. Hence the long name is specified here
|
||||
|
@ -17,7 +18,8 @@
|
|||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_ku_xku.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
commonName: 'www.ansible.com'
|
||||
subject:
|
||||
CN: www.ansible.com
|
||||
keyUsage:
|
||||
- digitalSignature
|
||||
- keyAgreement
|
||||
|
@ -31,7 +33,8 @@
|
|||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_ku_xku.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
commonName: 'www.ansible.com'
|
||||
subject:
|
||||
commonName: 'www.ansible.com'
|
||||
keyUsage:
|
||||
- digitalSignature
|
||||
- keyAgreement
|
||||
|
@ -42,6 +45,12 @@
|
|||
- Biometric Info
|
||||
register: csr_ku_xku
|
||||
|
||||
- name: Generate CSR with old API
|
||||
openssl_csr:
|
||||
path: '{{ output_dir }}/csr_oldapi.csr'
|
||||
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
||||
commonName: www.ansible.com
|
||||
|
||||
- import_tasks: ../tests/validate.yml
|
||||
|
||||
when: pyopenssl_version.stdout is version('0.15', '>=')
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue