From b57aa4a2ca7cb94c488c616249b14ea4e5e61ebb Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Thu, 25 Jan 2024 23:42:03 +0100
Subject: [PATCH] Fix openssl_dhparam. (#698)

---
 changelogs/fragments/698-openssl_dhparam-cryptography.yml | 4 ++++
 plugins/modules/openssl_dhparam.py                        | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/698-openssl_dhparam-cryptography.yml

diff --git a/changelogs/fragments/698-openssl_dhparam-cryptography.yml b/changelogs/fragments/698-openssl_dhparam-cryptography.yml
new file mode 100644
index 00000000..ad937da8
--- /dev/null
+++ b/changelogs/fragments/698-openssl_dhparam-cryptography.yml
@@ -0,0 +1,4 @@
+bugfixes:
+  - "openssl_dhparam - was using an internal function instead of the public API to load DH param files when using the ``cryptography`` backend.
+     The internal function was removed in cryptography 42.0.0. The module now uses the public API, which has been available since support for
+     DH params was added to cryptography (https://github.com/ansible-collections/community.crypto/pull/698)."
diff --git a/plugins/modules/openssl_dhparam.py b/plugins/modules/openssl_dhparam.py
index 1e759296..2c7d9354 100644
--- a/plugins/modules/openssl_dhparam.py
+++ b/plugins/modules/openssl_dhparam.py
@@ -341,7 +341,7 @@ class DHParameterCryptography(DHParameterBase):
         try:
             with open(self.path, 'rb') as f:
                 data = f.read()
-            params = self.crypto_backend.load_pem_parameters(data)
+            params = cryptography.hazmat.primitives.serialization.load_pem_parameters(data, backend=self.crypto_backend)
         except Exception as dummy:
             return False
         # Check parameters