Allow multiple values per key in name fields in openssl_certificate/csr (#30338)

* allow multiple values per key in name fields in openssl_certificate

* check correct side of comparison

* trigger only on lists

* add subject parameter to openssl_csr

* fix key: value mapping not skipping None elements

* temporary fix for undefined "subject" field

* fix iteration over subject entries

* fix docs

* quote sample string

* allow csr with only subject defined

* fix integration test

* look up NIDs before comparing, add hidden _strict params

* deal with empty issuer/subject fields

* adapt integration tests

* also normalize output from pyopenssl

* fix issue with _sanitize_inputs

* don't convert empty lists

* workaround for pyopenssl limitations

* properly encode the input to the txt2nid function

* another to_bytes fix

* make subject, commonname and subjectAltName completely optional

* don't compare hashes of keys in openssl_csr integration tests

* add integration test for old API in openssl_csr

* compare keys directly in certificate and publickey integration tests

* fix typo
MarkusTeufelberger 2017-12-12 13:35:22 +01:00 committed by John R Barker
commit 9ea1b18ff7
8 changed files with 141 additions and 63 deletions


@ -7,7 +7,8 @@
openssl_csr:
path: '{{ output_dir }}/csr.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: 'www.ansible.com'
subject:
commonName: www.ansible.com
# keyUsage longname and shortname should be able to be used
# interchangeably. Hence the long name is specified here
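Review bot: The new `subject:` mapping in this task carries a single scalar `commonName`, and none of the hunks shown for this file passes a list value, which is the behaviour the commit title introduces. Consider adding a task whose `subject` has at least one key with a list of values and validating the resulting CSR, so the multi-value path (and the "trigger only on lists" branch from the commit message) is covered by the integration test.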
@ -17,7 +18,8 @@
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: 'www.ansible.com'
subject:
CN: www.ansible.com
keyUsage:
- digitalSignature
- keyAgreement
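Review bot: `CN: www.ansible.com` switches to the short name with no comment, so a later cleanup could change it back to `commonName` and silently drop coverage of the short-name lookup. Add a comment like the keyUsage one earlier in the file, stating that short and long subject names are expected to be interchangeable and that the short form is used here on purpose.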
@ -31,7 +33,8 @@
openssl_csr:
path: '{{ output_dir }}/csr_ku_xku.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: 'www.ansible.com'
subject:
commonName: 'www.ansible.com'
keyUsage:
- digitalSignature
- keyAgreement
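Review bot: This task writes to the same `csr_ku_xku.csr` path as the previous one, now with `commonName` where that one used `CN`, so it only demonstrates that the two names compare equal if the result is asserted to be unchanged. Confirm that validate.yml asserts the registered result is not changed. As a style point, the value is quoted here (`'www.ansible.com'`) but unquoted in the other new `subject` entries; pick one form.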
@ -42,6 +45,12 @@
- Biometric Info
register: csr_ku_xku
- name: Generate CSR with old API
openssl_csr:
path: '{{ output_dir }}/csr_oldapi.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: www.ansible.com
- import_tasks: ../tests/validate.yml
when: pyopenssl_version.stdout is version('0.15', '>=')
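Review bot: The new "Generate CSR with old API" task has no `register:`, unlike the task directly above it (`register: csr_ku_xku`), so its changed/failed state cannot be asserted on. Register the result and, if validate.yml does not already inspect `csr_oldapi.csr`, check its subject there. The case where both top-level `commonName` and `subject` are supplied is also not exercised in the visible tasks; a task setting both would pin down which value takes precedence.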