* Restrict remaining days to also work with short-lived profiles.
* Adjust boolean cases.
* Fix spelling error.
* Use larger key size for TLS-ALPN test certificate.
The issuer_uri is retrieved from the Authority Information Access field the same way as the OCSP responder URI is.
Handling is exactly the same since they reside in the same OID space and have the same data type.
Tests have also been added based on the integration test certificates.
Signed-off-by: benaryorg <binary@benary.org>
Signed-off-by: benaryorg <binary@benary.org>
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
* Run all tests on all targets. Remove hack in setup_acme.
* Fix some failing tests.
* OpenSSH tests do not work yet with default image on Ansible 2.9. Let's skip them on the cloud target.
* Make tests pass again.
* Make sure to install *latest* versions of cryptography and pyOpenSSL when not installing system packages, whenever possible.
ci_complete
* Update/fix aliases files.
* Install PyOpenSSL and cryptography from PyPi if target Python != system Python.
* Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling.
* Skip tasks that require properties that aren't always there.
* Only install OpenSSL when not present.
* Improve output.
* Improve get_certificate integration test graceful failing.
* Fix tests.
* Fix assert.
* OpenSSL peculiarities.
* Fix condition.
* Return more public key information.
* Make sure bit size is converted to int first.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove no longer necessary code.
* Use correct return value's name.
* Add trailing commas.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Improve openssh_* tests.
* Use 2048 instead of 4096 bit keys in many places.
ci_complete
* Parameterize default RSA key length for tests.
* Reduce default RSA key size to 1024.
ci_complete
* Fix error.
ci_complete
* Use variable more often.
* Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8.
ci_complete
* Fix missing constant.
ci_complete
* Print default key sizes.
* Run tests with macOS 10.15.
* Update prepare_http_tests as in https://github.com/ansible/ansible/pull/71841/files.
* Also skip luks_device tests on macOS.
* Temporarily restrict to macOS/OSX nodes.
* Show full OpenSSL version.
* Show pyOpenSSL debug details.
* Make location of openssl binary configurable.
* Try to upgrade openssl on macOS when LibreSSL is found.
* Use other variable.
* Use found binary instead of default.
* Revert "Temporarily restrict to macOS/OSX nodes."
This reverts commit ea379382e5.
ci_complete
* Avoid crashing when OpenSSL.debug does not exist.
* Combine setup_openssl_cli with setup_openssl
* Split up setup_openssl in setup_openssl (openssl + cryptography) and setup_pyopenssl.
* Fix package name.
* Don't install cryptography on CentOS 6, print environment.
* Work around ansible-test limitation.
Felix Fontein
Katze
Andrew Klychkov