* Raise OpenSSLBadPassphraseError if passphrase is wrong.
* Improve handling of passphrase errors.
Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is worng (or wrongly specified), regenerate.
* Add changelog.
* Add tests.
* Adjustments for some versions of PyOpenSSL.
* Update lib/ansible/modules/crypto/openssl_certificate.py
Improve text.
Co-Authored-By: felixfontein <felix@fontein.de>
* Revert "Revert "openssl_csr: Allow to use cryptography as backend (#50324)""
This reverts commit bbd2e31e9f.
* Remove more complicated selection copy'n'pasted from openssl_privatekey.
* Add tests for backend selection.
* Add openssl_csr test for arbitrary string commonName.
* Allow to disable commonName -> SAN copying (fixes#36690).
* allow multiple values per key in name fields in openssl_certificate
* check correct side of comparison
* trigger only on lists
* add subject parameter to openssl_csr
* fix key: value mapping not skipping None elements
* temporary fix for undefined "subject" field
* fix iteration over subject entries
* fix docs
* quote sample string
* allow csr with only subject defined
* fix integration test
* look up NIDs before comparing, add hidden _strict params
* deal with empty issuer/subject fields
* adapt integration tests
* also normalize output from pyopenssl
* fix issue with _sanitize_inputs
* don't convert empty lists
* workaround for pyopenssl limitations
* properly encode the input to the txt2nid function
* another to_bytes fix
* make subject, commonname and subjecAltName completely optional
* don't compare hashes of keys in openssl_csr integration tests
* add integration test for old API in openssl_csr
* compare keys directly in certificate and publickey integration tests
* fix typo
keyUsage and extendedKeyUsage are currently statically limited via a
static dict defined in modules_utils/crypto.py. If one specify a value
that isn't in there, idempotency won't work.
Instead of having static dict, we uses keyUsage and extendedKyeUsage
values OpenSSL NID and compare those rather than comparing strings.
Fixes: https://github.com/ansible/ansible/issues/30316
Crypto namespace contains the openssl modules. It has no integration
testing as of now.
This commits aims to add integration tests for the crypto namespace.
This will make it easier to spot breaking changes in the future.
This tests currently apply to:
* openssl_privatekey
* openssl_publickey
* openssl_csr