ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-05-11 03:31:29 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

openssl_csr: fix idempotency problems (#55142)

Browse source 
* Add test for generating a CSR with everything, and testing idempotency.

* Proper SAN normalization before comparison.

* Fix check in cryptography backend.

* Convert SANs to text. Update comments.

* Add changelog.
This commit is contained in:
Felix Fontein 2019-04-15 09:15:08 +02:00 committed by Martin Krizek
parent 91e808eed2
commit cb5c57bcd5
5 changed files with 209 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/ansible/modules/crypto/openssl_csr_info.py
View file

@ -439,6 +439,8 @@ class CertificateSigningRequestInfoPyOpenSSL(CertificateSigningRequestInfo):
return None, False
def _normalize_san(self, san):
# apperently openssl returns 'IP address' not 'IP' as specifier when converting the subjectAltName to string
# although it won't accept this specifier when generating the CSR. (https://github.com/openssl/openssl/issues/4004)
if san.startswith('IP Address:'):
san = 'IP:' + san[len('IP Address:'):]
if san.startswith('IP:'):