From a2b00e9b5201f52355643b6f8c2967d798dd6d54 Mon Sep 17 00:00:00 2001 From: Yanis Guenane Date: Thu, 18 Jan 2018 14:35:05 +0100 Subject: [PATCH] openssl_certificate: Ensure issuer field is set (#34982) Ensure the Issuer field of the certificate is set when using the selfsigned backend. Fixes: https://github.com/ansible/ansible/issues/34963 --- lib/ansible/modules/crypto/openssl_certificate.py | 1 + .../targets/openssl_certificate/tests/validate.yml | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py index 7a21623c9e..531a54826e 100644 --- a/lib/ansible/modules/crypto/openssl_certificate.py +++ b/lib/ansible/modules/crypto/openssl_certificate.py @@ -449,6 +449,7 @@ class SelfSignedCertificate(Certificate): # 10 years. 315360000 is 10 years in seconds. cert.gmtime_adj_notAfter(315360000) cert.set_subject(self.csr.get_subject()) + cert.set_issuer(self.csr.get_subject()) cert.set_version(self.version - 1) cert.set_pubkey(self.csr.get_pubkey()) cert.add_extensions(self.csr.get_extensions()) diff --git a/test/integration/targets/openssl_certificate/tests/validate.yml b/test/integration/targets/openssl_certificate/tests/validate.yml index 11343b65f5..ff5652e8b5 100644 --- a/test/integration/targets/openssl_certificate/tests/validate.yml +++ b/test/integration/targets/openssl_certificate/tests/validate.yml @@ -6,6 +6,11 @@ shell: 'openssl x509 -noout -modulus -in {{ output_dir }}/cert.pem' register: cert_modulus +- name: Validate certificate (test - issuer value) + shell: 'openssl x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Issuer" | sed "s/.*: \(.*\)/\1/g"' + register: cert_issuer + + - name: Validate certificate (test - certficate version == default == 3) shell: 'openssl x509 -noout -in {{ output_dir}}/cert.pem -text | grep "Version" | sed "s/.*: \(.*\) .*/\1/g"' register: cert_version @@ -15,6 +20,7 @@ that: - cert_modulus.stdout == privatekey_modulus.stdout - cert_version.stdout == '3' + - cert_issuer.stdout == 'CN=www.example.com' - name: Validate certificate idempotence assert: