Fix crash in x509_crl when certificate issuer is specified (#441)
* Fix x509_crl certificate issuer issue. * Add tests. * Add changelog fragment.pull/444/head
Felix Fontein
GitHub
parent
041fff5057
commit
9d03178b00
|
|
@ -0,0 +1,2 @@
|
|||
bugfixes:
|
||||
- "x509_crl - fix crash when ``issuer`` for a revoked certificate is specified (https://github.com/ansible-collections/community.crypto/pull/441)."
|
||||
|
|
@ -689,9 +689,7 @@ class CRL(OpenSSLObject):
|
|||
revoked_cert = revoked_cert.revocation_date(entry['revocation_date'])
|
||||
if entry['issuer'] is not None:
|
||||
revoked_cert = revoked_cert.add_extension(
|
||||
x509.CertificateIssuer([
|
||||
cryptography_get_name(name, 'issuer') for name in entry['issuer']
|
||||
]),
|
||||
x509.CertificateIssuer(entry['issuer']),
|
||||
entry['issuer_critical']
|
||||
)
|
||||
if entry['reason'] is not None:
|
||||
|
|
|
|||
|
|
@ -524,3 +524,25 @@
|
|||
path: '{{ remote_tmp_dir }}/ca-crl2.crl'
|
||||
list_revoked_certificates: false
|
||||
register: crl_2_info_2
|
||||
|
||||
- name: Create CRL 3
|
||||
x509_crl:
|
||||
path: '{{ remote_tmp_dir }}/ca-crl3.crl'
|
||||
privatekey_path: '{{ remote_tmp_dir }}/ca.key'
|
||||
issuer:
|
||||
CN: Ansible
|
||||
last_update: +0d
|
||||
next_update: +0d
|
||||
revoked_certificates:
|
||||
- serial_number: 1234
|
||||
revocation_date: 20191001000000Z
|
||||
issuer:
|
||||
- "DNS:ca.example.org"
|
||||
issuer_critical: true
|
||||
register: crl_3
|
||||
|
||||
- name: Retrieve CRL 3 infos
|
||||
x509_crl_info:
|
||||
path: '{{ remote_tmp_dir }}/ca-crl3.crl'
|
||||
list_revoked_certificates: true
|
||||
register: crl_3_info
|
||||
|
|
|
|||
|
|
@ -102,3 +102,11 @@
|
|||
['commonName', 'CRL'],
|
||||
['commonName', 'Test'],
|
||||
]
|
||||
|
||||
- name: Validate CRL 3 info
|
||||
assert:
|
||||
that:
|
||||
- crl_3.revoked_certificates == crl_3_info.revoked_certificates
|
||||
- crl_3.revoked_certificates[0].issuer == [
|
||||
"DNS:ca.example.org",
|
||||
]
|
||||
|
|
|
|||
Loading…
Reference in New Issue