ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-23 13:20:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

openssl_csr: added support for the OCSP Must Staple extension (#35082)

Browse source 
* Added support for the OCSP Must Staple extension.

* Trying to clean up magic constants a bit.
This commit is contained in:
Felix Fontein 2018-02-08 13:03:28 +01:00 committed by John R Barker
commit d1f19125a5
3 changed files with 93 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

15
test/integration/targets/openssl_csr/tasks/main.yml
View file

@ -51,6 +51,21 @@
privatekey_path: '{{ output_dir }}/privatekey.pem'
commonName: www.ansible.com
- name: Generate CSR with OCSP Must Staple
openssl_csr:
path: '{{ output_dir }}/csr_ocsp.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject_alt_name: "DNS:www.ansible.com"
ocsp_must_staple: true
- name: Generate CSR with OCSP Must Staple (test idempotency)
openssl_csr:
path: '{{ output_dir }}/csr_ocsp.csr'
privatekey_path: '{{ output_dir }}/privatekey.pem'
subject_alt_name: "DNS:www.ansible.com"
ocsp_must_staple: true
register: csr_ocsp_idempotency
- import_tasks: ../tests/validate.yml
when: pyopenssl_version.stdout is version('0.15', '>=')

17
test/integration/targets/openssl_csr/tests/validate.yml
View file

@ -19,7 +19,7 @@
- name: Validate CSR_KU_XKU (assert idempotency)
assert:
that:
- csr_ku_xku.changed == False
- csr_ku_xku is not changed
- name: Validate old_API CSR (test - Common Name)
shell: "openssl req -noout -subject -in {{ output_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"
@ -34,3 +34,18 @@
that:
- csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
- csr_oldapi_modulus.stdout == privatekey_modulus.stdout
- name: Validate OCSP Must Staple CSR (test - everything)
shell: "openssl req -noout -in {{ output_dir }}/csr_ocsp.csr -text"
register: csr_ocsp
- name: Validate OCSP Must Staple CSR (assert)
assert:
that:
- "(csr_ocsp.stdout is search('\\s+TLS Feature:\\s*\\n\\s+status_request\\s+')) or
(csr_ocsp.stdout is search('\\s+1.3.6.1.5.5.7.1.24:\\s*\\n\\s+0\\.\\.\\.\\.\\s+'))"
- name: Validate OCSP Must Staple CSR (assert idempotency)
assert:
that:
- csr_ocsp_idempotency is not changed