* Run tests with macOS 10.15.
* Update prepare_http_tests as in https://github.com/ansible/ansible/pull/71841/files.
* Also skip luks_device tests on macOS.
* Temporarily restrict to macOS/OSX nodes.
* Show full OpenSSL version.
* Show pyOpenSSL debug details.
* Make location of openssl binary configurable.
* Try to upgrade openssl on macOS when LibreSSL is found.
* Use other variable.
* Use found binary instead of default.
* Revert "Temporarily restrict to macOS/OSX nodes."
This reverts commit ea379382e5.
ci_complete
* Avoid crashing when OpenSSL.debug does not exist.
* Combine setup_openssl_cli with setup_openssl
* Split up setup_openssl in setup_openssl (openssl + cryptography) and setup_pyopenssl.
* Fix package name.
* Don't install cryptography on CentOS 6, print environment.
* Work around ansible-test limitation.
* Move disk-independent parts of openssl_privatekey to module_utils and doc_fragments.
* Improve documentation.
* Add openssl_privatekey_pipe module.
* Fallback in case no fingerprints are returned.
* Prevent no_log=True for content to stop module from working correctly.
* Forgot version_added.
* Update copyright. All the interesting code is no longer in this file anyway.
* Remove file arguments.
* Add framework for action modules.
* Convert openssl_privatekey_pipe to action plugin.
* Linting.
* Bump version.
* Add return_current_key option.
* Add no_log to examples.
* Remove preparation for potential later extensibility (easy to re-add when needed).
* Fix deprecation version in docs.
* Use new ArgumentSpec object for AnsibleActionModule as well.
* Extract doc fragment from openssl_csr.
* Refactor openssl_csr module into backend + module.
* Add openssl_csr_pipe module.
* Add seealso references.
* ...
* Use /dev/stdin instead of -, which seems to be only supported by newer openssl versions.
* Bump version.
* DRY: use select_message_digest.
* Fix deprecation version in docs.
* Docs improvements.
* Improve argument spec handling for module backends.
* Linting.
* Fix linting problems by using kwargs.
* Allow to pass CSR to acme_certificate as csr_content.
* Make sure contents are bytes.
* No need to write CSR to disk.
* Forgot version_added.
* Fix documentation.
* Do not crash when PKCS#12 file contains no private key and/or main certificate.
* Add changelog fragment.
* Call getters only once each, check explicitly for None.
* Add test.
* Also 'parse' correctly PKCS#12 file with no private key.
* Increase # of bits for random serial numbers of certificates with PyOpenSSL backend.
* Adjust algorithm to return a random number between 1000 and 2^160-1.
* Use module_utils from collection, clean up code a bit
* add DSA keys, because why not...
* sign/verify was added in pyOpenSSL 0.11 apparently
* Add signing capability detection to module_utils.crypto.basic
* Rework feature detection of signature types.
* Rename parameters to match other modules
* Add initial version of integration tests
* fix whitespace in tests
* More whitespace fixes
* small fixes for issues in testing
* Organize integration tests as test matrix
* another indentation fix to make pep8 happy
* use openssl pkeyutl when possible, otherwise fall back to openssl dgst
* More linter fixes
* openssl pkeyutl -help can apparently return 1
* ignore errors on openssl call and another try at formatting
* Remove the OpenSSL calls in tests
* Add collection name to deprecation notice and deprecate at version 2.0.0
* Exclude Ed448/25519 tests on pyopenssl
* revert the collection name in the deprecation notice (breaks 2.9)
* limit test platforms even more
* disable FreeBSD DSA and ECC tests
* Add module name to README
* rewrite and split into 2 modules instead
* add module to README and fix whitespace issue
* remove duplicated tests
* address review remarks
* resolve another comment
* acme_account: add support for External Account Binding.
* Add changelog fragment.
* Error if externalAccountRequired is set in ACME directory meta, but external account data is not provided.
* Validate that EAB key is Base64URL encoded.
* Improve documentation.
* Add padding to Base64 encoded key if necessary.
* Make account creation idempotent with ZeroSSL.
This adds the parameter pkcs11_provider, which can be set to the name of
or path to a PKCS#11 library (e.g. libpkcs11.so). ssh-keygen will then
use this library to have the token make any required signatures.
If this is used, signing_key needs to be set to a file containing the
public key that matches the private key on the token.
* Fix CI test groups.
* Make files more similar.
* Run most tests in both cloud and OS-specific environments.
* Run ACME tests in both cloud and OS-specific environments.
* Use different Python version for 2.9 cloud test.
* Revert "Run ACME tests in both cloud and OS-specific environments."
This reverts commit 967bda9438.
* Revert "Run most tests in both cloud and OS-specific environments."
This reverts commit 6e9f090afd.
* get_certificate - Add support of SNI
For python versions supporting `create_default_context` support SNI by using low-level
SSLContext.wrap_socket().getpeercert().
Add also more information in the error message
fixes#69
* Make sure default CA certificates are not loaded when ca_cert is specified.
* Refactor to combine common code.
* Update changelogs/fragments/get_certificate-add_support_for_SNI.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add unit tests and cloud on python 2.6
* Add all python 3.x we support
Co-authored-by: Felix Fontein <felix@fontein.de>
* disable 3.5 because of acme_inspect
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
selfsigned_not_after and ownca_not_after values for macOS 10.15,
can be +825d. Updated the docs accordingly.
Migrated from ansible/ansible#64563
Thanks to Sironheart
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
Felix Fontein
Doug Stanley
Andrew Klychkov
Markus Teufelberger
Patrick Pichler
Arnoways
s-hamann
Olivier Clavel
Baptiste Mille-Mathias
Abhijeet Kasurde