certificate_complete_chain: do not stop execution on unsupported algorithm (#457)

* Do not stop execution on unsupported algorithm. * Fix typo.
2022-05-20 07:22:35 +02:00 · 2022-05-20 07:22:35 +02:00 · c49102d688
parent 40cf8ba2ce
commit c49102d688
2 changed files with 6 additions and 0 deletions
--- a/changelogs/fragments/457-certificate_complete_chain-unsupported-algorithm.yml
+++ b/changelogs/fragments/457-certificate_complete_chain-unsupported-algorithm.yml
@ -0,0 +1,2 @@
 bugfixes:
  - "certificate_complete_chain - do not stop execution if an unsupported signature algorithm is encountered; warn instead (https://github.com/ansible-collections/community.crypto/pull/457)."
--- a/plugins/modules/certificate_complete_chain.py
+++ b/plugins/modules/certificate_complete_chain.py
@ -133,6 +133,7 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.pem import
 CRYPTOGRAPHY_IMP_ERR = None
 try:
    import cryptography
    import cryptography.exceptions
    import cryptography.hazmat.backends
    import cryptography.hazmat.primitives.serialization
    import cryptography.hazmat.primitives.asymmetric.rsa
@ -190,6 +191,9 @@ def is_parent(module, cert, potential_parent):
        return True
    except cryptography.exceptions.InvalidSignature as dummy:
        return False
    except cryptography.exceptions.UnsupportedAlgorithm as dummy:
        module.warn('Unsupported algorithm "{0}"'.format(cert.cert.signature_hash_algorithm))
        return False
    except Exception as e:
        module.fail_json(msg='Unknown error on signature validation: {0}'.format(e))
		`@ -0,0 +1,2 @@`
							`bugfixes:`
							`- "certificate_complete_chain - do not stop execution if an unsupported signature algorithm is encountered; warn instead (https://github.com/ansible-collections/community.crypto/pull/457)."`