* lookup lowercase domain names when verifying authorizations to prevent failure when CSR has mixed-case names
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* remove .lower() method
* make authorizations keys lowercase
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* use lowercase keys for authorizations dict
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* use new normalize_combined_identifier function to normalize identifiers
* include two blank lines after functions to pass tests
* Update plugins/module_utils/acme/challenges.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* add changelog fragment
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
* Update changelogs/fragments/803-fix-authorization-failure-with-mixed-case-sans.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Lyas Spiehler <lspiehler@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Enable SSL CTX options for get_certificate
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Support both str and int SSL CTX options, override defaults
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Add changelog fragment
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Resolve doc builder error
ssl_ctx_options can be a mix of str and int, but `elements: [ str, int ]` made the Ansible doc builder angry.
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Set ssl_ctx_options version_added
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Initial application of suggestions from code review
Working on completing application of suggestions
Co-authored-by: Felix Fontein <felix@fontein.de>
* Finish applying suggestions from code review
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
* Documentation update
Co-authored-by: Felix Fontein <felix@fontein.de>
* Include value in fail output for wrong data type
Co-authored-by: Felix Fontein <felix@fontein.de>
* Handle invalid tls_ctx_option strings
Co-authored-by: Felix Fontein <felix@fontein.de>
* Minor documentation update
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
---------
Signed-off-by: David Ehrman <dlehrman@liberty.edu>
Co-authored-by: Felix Fontein <felix@fontein.de>
Revert "Fix documentation. (#751)"
Revert "ACME modules: simplify code, refactor argspec handling code, move csr/csr_content to own docs fragment (#750)"
Revert "Refactor and extend argument spec helper, use for ACME modules (#749)"
Revert "Avoid exception if certificate has no AKI in acme_certificate. (#748)"
Revert "ACME: improve acme_certificate docs, include cert_id in acme_certificate_renewal_info return value (#747)"
Revert "Add acme_certificate_renewal_info module (#746)"
Revert "Refactor time code, add tests, fix bug when parsing absolute timestamps that omit seconds (#745)"
Revert "Add tests for acme_certificate_deactivate_authz module. (#744)"
Revert "Create acme_certificate_deactivate_authz module (#741)"
Revert "acme_certificate: allow to request renewal of a certificate according to ARI (#739)"
Revert "Implement basic acme_ari_info module. (#732)"
Revert "Add function for retrieval of ARI information. (#738)"
Revert "acme module utils: add functions for parsing Retry-After header values and computation of ARI certificate IDs (#737)"
Revert "Implement certificate information retrieval code in the ACME backends. (#736)"
Revert "Split up the default acme docs fragment to allow modules ot not need account data. (#735)"
This reverts commits 5e59c5261e, aa82575a78,
f3c9cb7a8a, f82b335916, 553ab45f46,
59606d48ad, 0a15be1017, 9501a28a93,
d906914737, 33d278ad8f, 6d4fc589ae,
9614b09f7a, af5f4b57f8, c6fbe58382,
and afe7f7522c.
* Fix time idempotence.
* Lint and add changelog fragment.
* Add tests.
* Make sure 'ignore_timestamps: false' is passed for time idempotence tests; pass right private key for OwnCA tests
* Use community.dns.quote_txt filter instead of regex replace to quote TXT entry value.
* Fix documentation of acme_certificate's challenge_data return value.
* Also return cert_id from acme_certificate_renewal_info module.
* The cert ID cannot be computed if the certificate has no AKI.
This happens with older Pebble versions, which are used when
testing against older ansible-core/-base/Ansible versions.
* Fix AKI extraction for older OpenSSL versions.
* Allow to provide cert_info object to get_renewal_info().
* Add acme_certificate_renewal_info module.
* Allow to provide value for 'now'.
* Actually append msg_append.
* Fix bug in module timestamp param parsing, and add tests.
* Fix quick_is_not_prime() for small primes. Add some tests.
* Fix return value of convert_int_to_bytes(0, 0) on Python 2.
* Add some more test cases.
* Simplify the changelog and point out that these errors only happen for cases not happening in regular use.
* Use timezone aware functionality when using cryptography >= 42.0.0.
* Adjust OpenSSH certificate code to avoid functions deprecated in Python 3.12.
* Strip timezone info from isoformat() output.
* InvalidityDate.invalidity_date currently has no _utc variant.
Felix Fontein
Lyas Spiehler
G Derber
dlehrman
francescolovecchio