Revert "Fix documentation. (#751)"
Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (#750)"
Revert "Refactor and extend argument spec helper, use for ACME modules (#749)"
Revert "Avoid exception if certificate has no AKI in acme_certificate. (#748)"
Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)"
Revert "Add acme_certificate_renewal_info module (#746)"
Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (#745)"
Revert "Add tests for acme_certificate_deactivate_authz module. (#744)"
Revert "Create acme_certificate_deactivate_authz module (#741)"
Revert "acme_certificate: allow to request renewal of a certificate according to ARI (#739)"
Revert "Implement basic acme_ari_info module. (#732)"
Revert "Add function for retrieval of ARI information. (#738)"
Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (#737)"
Revert "Implement certificate information retrieval code in the ACME backends. (#736)"
Revert "Split up the default acme docs fragment to allow modules ot not need account data. (#735)"
This reverts commits 5e59c5261e, aa82575a78,
f3c9cb7a8a, f82b335916, 553ab45f46,
59606d48ad, 0a15be1017, 9501a28a93,
d906914737, 33d278ad8f, 6d4fc589ae,
9614b09f7a, af5f4b57f8, c6fbe58382,
and afe7f7522c.
* Fix time idempotence.
* Lint and add changelog fragment.
* Add tests.
* Make sure 'ignore_timestamps: false' is passed for time idempotence tests; pass right private key for OwnCA tests
* Fix quick_is_not_prime() for small primes. Add some tests.
* Fix return value of convert_int_to_bytes(0, 0) on Python 2.
* Add some more test cases.
* Simplify the changelog and point out that these errors only happen for cases not happening in regular use.
* Use timezone aware functionality when using cryptography >= 42.0.0.
* Adjust OpenSSH certificate code to avoid functions deprecated in Python 3.12.
* Strip timezone info from isoformat() output.
* InvalidityDate.invalidity_date currently has no _utc variant.
* Added support for DER format
* Updated description
* Adjusted description
The content of the certificate cannot be in DER format due to an input encoding problem in the Ansible module, but it works fine when reading the certificate from a file
* Update support.py
* Added der_support_enabled flag for DER-format support
* Added changelog fragment for #603
* Fixed typo
* Fixed missing import
* Resolved issues found by static code analysis
* Update plugins/module_utils/crypto/support.py
Committed suggested change
Co-authored-by: Felix Fontein <felix@fontein.de>
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.
Signed-off-by: benaryorg <binary@benary.org>
Signed-off-by: benaryorg <binary@benary.org>
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typo.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
* Use new PKCS#12 deserialization code from cryptography 36.0.0 if available.
* Refactor into smaller functions.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
* Remove assertonly backend.
* Remove assertonly tests.
* The expired test is basically a test of assertonly.
* Replace assertonly verification by _info + assert.
* Add some workarounds for cryptography 35.0.0.
* Make fix work with very old cryptography versions as well (which supported multiple backends).
* [TEMP] Disable openssl_pkcs12 tests to see whether everything else works.
* Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works."
This reverts commit 3f905bc795.
* Add changelog fragment.
* Remove unnecessary assignment.
* Simplify code change.
* [TEMP] Disable openssl_pkcs12 tests to see whether everything else works.
* Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works."
This reverts commit fdb210528e.
* Adjust dirName serialization to RFC 4514.
* Adjust deserialization to RFC 4514.
* Add changelog fragment.
* Use Unicode strings, and work around Python 2 and Python 3 differences and problems with old cryptography versions.
* Work with bytes, not Unicode strings, to handle escaping of Unicode endpoints correctly.
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
Felix Fontein
Marcin Słowikowski
Katze
Songmin Li