a-c-m
/
community.crypto
mirror of https://github.com/ansible-collections/community.crypto.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

openssl_pkcs12: fix crash when trying to get non-existing other certificates (#487) 

* Fix crash when trying to get non-existing other certificates.

* Add test.
pull/490/head
Felix Fontein 2022-07-07 22:30:22 +02:00 committed by GitHub
parent b16f12faa3
commit 9ed4526fee
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/487-openssl_pkcs12-other-certs-crash.yml Normal file
View File

@ -0,0 +1,2 @@
bugfixes:
- "openssl_pkcs12 - when using the pyOpenSSL backend, do not crash when trying to read non-existing other certificates (https://github.com/ansible-collections/community.crypto/issues/486, https://github.com/ansible-collections/community.crypto/pull/487)."

2
plugins/modules/openssl_pkcs12.py
View File

@ -559,6 +559,8 @@ class PkcsPyOpenSSL(Pkcs):
return crypto.dump_certificate(crypto.FILETYPE_PEM, cert) if cert else None return crypto.dump_certificate(crypto.FILETYPE_PEM, cert) if cert else None
def _dump_other_certificates(self, pkcs12): def _dump_other_certificates(self, pkcs12):
if pkcs12.get_ca_certificates() is None:
return []
return [ return [
crypto.dump_certificate(crypto.FILETYPE_PEM, other_cert) crypto.dump_certificate(crypto.FILETYPE_PEM, other_cert)
for other_cert in pkcs12.get_ca_certificates() for other_cert in pkcs12.get_ca_certificates()

12
tests/integration/targets/openssl_pkcs12/tasks/impl.yml
View File

@ -45,6 +45,18 @@
return_content: true return_content: true
register: p12_standard_idempotency register: p12_standard_idempotency
- name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (empty other_certificates)"
openssl_pkcs12:
select_crypto_backend: '{{ select_crypto_backend }}'
path: '{{ remote_tmp_dir }}/ansible.p12'
friendly_name: abracadabra
privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
state: present
return_content: true
other_certificates: []
register: p12_standard_idempotency_no_certs
- name: "({{ select_crypto_backend }}) Read ansible_pkey1.pem" - name: "({{ select_crypto_backend }}) Read ansible_pkey1.pem"
slurp: slurp:
src: '{{ remote_tmp_dir }}/ansible_pkey1.pem' src: '{{ remote_tmp_dir }}/ansible_pkey1.pem'

1
tests/integration/targets/openssl_pkcs12/tests/validate.yml
View File

@ -25,6 +25,7 @@
- p12_dumped is changed - p12_dumped is changed
- p12_standard_idempotency is not changed - p12_standard_idempotency is not changed
- p12_standard_idempotency_check is not changed - p12_standard_idempotency_check is not changed
- p12_standard_idempotency_no_certs is not changed
- p12_standard_idempotency_2 is not changed - p12_standard_idempotency_2 is not changed
- p12_multiple_certs_idempotency is not changed - p12_multiple_certs_idempotency is not changed
- p12_dumped_idempotency is not changed - p12_dumped_idempotency is not changed