Release 1.3.0.

CHANGELOG.rst

@@ -5,6 +5,39 @@ Community Crypto Release Notes
 .. contents:: Topics
 
 
+v1.3.0
+======
+
+Release Summary
+---------------
+
+Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow to create or update private keys, CSRs and X.509 certificates without having to write them to disk.
+
+
+Minor Changes
+-------------
+
+- openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).
+- openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
+- openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119).
+- openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_ (https://github.com/ansible-collections/community.crypto/pull/132).
+- x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129).
+- x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135).
+
+Bugfixes
+--------
+
+- openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).
+- support code - improve handling of certificate and certificate signing request (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, https://github.com/ansible-collections/community.crypto/pull/139).
+- x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135).
+
+New Modules
+-----------
+
+- openssl_csr_pipe - Generate OpenSSL Certificate Signing Request (CSR)
+- openssl_privatekey_pipe - Generate OpenSSL private keys without disk access
+- x509_certificate_pipe - Generate and/or check OpenSSL certificates
+
 v1.2.0
 ======
 

changelogs/changelog.yaml

@@ -235,3 +235,53 @@ releases:
     - 121-x509_certificate_info-fingerprints.yml
     - cve-2020-25646.yml
     release_date: '2020-10-13'
+  1.3.0:
+    changes:
+      bugfixes:
+      - openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).
+      - support code - improve handling of certificate and certificate signing request
+        (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138,
+        https://github.com/ansible-collections/community.crypto/pull/139).
+      - x509_certificate - fix ``entrust`` provider, which was broken since community.crypto
+        0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135).
+      minor_changes:
+      - openssh_cert - add module parameter ``use_agent`` to enable using signing
+        keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).
+      - openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123).
+      - openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe
+        (https://github.com/ansible-collections/community.crypto/pull/119).
+      - openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security
+        warning. Elliptic curves of at least 224 bits should be used for new keys;
+        see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_
+        (https://github.com/ansible-collections/community.crypto/pull/132).
+      - x509_certificate - for the ``selfsigned`` provider, a CSR is not required
+        anymore. If no CSR is provided, the module behaves as if a minimal CSR which
+        only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32,
+        https://github.com/ansible-collections/community.crypto/pull/129).
+      - x509_certificate - refactor module to allow code re-use by x509_certificate_pipe
+        (https://github.com/ansible-collections/community.crypto/pull/135).
+      release_summary: 'Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe``
+        and ``x509_certificate_pipe`` which allow to create or update private keys,
+        CSRs and X.509 certificates without having to write them to disk.
+
+        '
+    fragments:
+    - 1.3.0.yml
+    - 117-openssh_cert-use-ssh-agent.yml
+    - 129-x509_certificate-no-csr-selfsigned.yml
+    - 132-openssl_privatekey-ecc-order.yml
+    - 135-x509_certificate-entrust.yml
+    - 139-improve-error-handling.yml
+    - 145-add-check-for-parsed-pkcs12-files.yml
+    - privatekey-csr-certificate-refactoring.yml
+    modules:
+    - description: Generate OpenSSL Certificate Signing Request (CSR)
+      name: openssl_csr_pipe
+      namespace: ''
+    - description: Generate OpenSSL private keys without disk access
+      name: openssl_privatekey_pipe
+      namespace: ''
+    - description: Generate and/or check OpenSSL certificates
+      name: x509_certificate_pipe
+      namespace: ''
+    release_date: '2020-11-24'

changelogs/fragments/1.3.0.yml

@@ -1,3 +0,0 @@
-release_summary: >
-  Contains new modules ``openssl_privatekey_pipe``, ``openssl_csr_pipe`` and ``x509_certificate_pipe`` which allow
-  to create or update private keys, CSRs and X.509 certificates without having to write them to disk.

changelogs/fragments/117-openssh_cert-use-ssh-agent.yml

@@ -1,2 +0,0 @@
-minor_changes:
-- openssh_cert - add module parameter ``use_agent`` to enable using signing keys stored in ssh-agent (https://github.com/ansible-collections/community.crypto/issues/116).

changelogs/fragments/129-x509_certificate-no-csr-selfsigned.yml

@@ -1,2 +0,0 @@
-minor_changes:
-- "x509_certificate - for the ``selfsigned`` provider, a CSR is not required anymore. If no CSR is provided, the module behaves as if a minimal CSR which only contains the public key has been provided (https://github.com/ansible-collections/community.crypto/issues/32, https://github.com/ansible-collections/community.crypto/pull/129)."

changelogs/fragments/132-openssl_privatekey-ecc-order.yml

@@ -1,2 +0,0 @@
-minor_changes:
-- "openssl_privatekey - the elliptic curve ``secp192r1`` now triggers a security warning. Elliptic curves of at least 224 bits should be used for new keys; see `here <https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec.html#elliptic-curves>`_ (https://github.com/ansible-collections/community.crypto/pull/132)."

changelogs/fragments/135-x509_certificate-entrust.yml

@@ -1,2 +0,0 @@
-bugfixes:
-- "x509_certificate - fix ``entrust`` provider, which was broken since community.crypto 0.1.0 due to a feature added before the collection move (https://github.com/ansible-collections/community.crypto/pull/135)."

changelogs/fragments/139-improve-error-handling.yml

@@ -1,2 +0,0 @@
-bugfixes:
- - "support code - improve handling of certificate and certificate signing request (CSR) loading with the ``cryptography`` backend when errors occur (https://github.com/ansible-collections/community.crypto/issues/138, https://github.com/ansible-collections/community.crypto/pull/139)."

changelogs/fragments/145-add-check-for-parsed-pkcs12-files.yml

@@ -1,2 +0,0 @@
-bugfixes:
- - openssl_pkcs12 - report the correct state when ``action`` is ``parse`` (https://github.com/ansible-collections/community.crypto/issues/143).

changelogs/fragments/privatekey-csr-certificate-refactoring.yml

@@ -1,4 +0,0 @@
-minor_changes:
-- "openssl_privatekey - refactor module to allow code re-use by openssl_privatekey_pipe (https://github.com/ansible-collections/community.crypto/pull/119)."
-- "openssl_csr - refactor module to allow code re-use by openssl_csr_pipe (https://github.com/ansible-collections/community.crypto/pull/123)."
-- "x509_certificate - refactor module to allow code re-use by x509_certificate_pipe (https://github.com/ansible-collections/community.crypto/pull/135)."