a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix crash in x509_crl when certificate issuer is specified (#441) 

* Fix x509_crl certificate issuer issue.

* Add tests.

* Add changelog fragment.
pull/444/head
Felix Fontein 2022-04-18 08:17:27 +02:00 committed by GitHub
parent 041fff5057
commit 9d03178b00
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 33 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/441-x509-crl-cert-issuer.yml Normal file
View File

@ -0,0 +1,2 @@
bugfixes:
- "x509_crl - fix crash when ``issuer`` for a revoked certificate is specified (https://github.com/ansible-collections/community.crypto/pull/441)."

4
plugins/modules/x509_crl.py
View File

@ -689,9 +689,7 @@ class CRL(OpenSSLObject):
revoked_cert = revoked_cert.revocation_date(entry['revocation_date']) revoked_cert = revoked_cert.revocation_date(entry['revocation_date'])
if entry['issuer'] is not None: if entry['issuer'] is not None:
revoked_cert = revoked_cert.add_extension( revoked_cert = revoked_cert.add_extension(
x509.CertificateIssuer([ x509.CertificateIssuer(entry['issuer']),
cryptography_get_name(name, 'issuer') for name in entry['issuer']
]),
entry['issuer_critical'] entry['issuer_critical']
) )
if entry['reason'] is not None: if entry['reason'] is not None:

22
tests/integration/targets/x509_crl/tasks/impl.yml
View File

@ -524,3 +524,25 @@
path: '{{ remote_tmp_dir }}/ca-crl2.crl' path: '{{ remote_tmp_dir }}/ca-crl2.crl'
list_revoked_certificates: false list_revoked_certificates: false
register: crl_2_info_2 register: crl_2_info_2
- name: Create CRL 3
x509_crl:
path: '{{ remote_tmp_dir }}/ca-crl3.crl'
privatekey_path: '{{ remote_tmp_dir }}/ca.key'
issuer:
CN: Ansible
last_update: +0d
next_update: +0d
revoked_certificates:
- serial_number: 1234
revocation_date: 20191001000000Z
issuer:
- "DNS:ca.example.org"
issuer_critical: true
register: crl_3
- name: Retrieve CRL 3 infos
x509_crl_info:
path: '{{ remote_tmp_dir }}/ca-crl3.crl'
list_revoked_certificates: true
register: crl_3_info

8
tests/integration/targets/x509_crl/tests/validate.yml
View File

@ -102,3 +102,11 @@
['commonName', 'CRL'], ['commonName', 'CRL'],
['commonName', 'Test'], ['commonName', 'Test'],
] ]
- name: Validate CRL 3 info
assert:
that:
- crl_3.revoked_certificates == crl_3_info.revoked_certificates
- crl_3.revoked_certificates[0].issuer == [
"DNS:ca.example.org",
]