* Increase # of bits for random serial numbers of certificates with PyOpenSSL backend.
* Adjust algorithm to return a random number between 1000 and 2^160-1.
* Use module_utils from collection, clean up code a bit
* add DSA keys, because why not...
* sign/verify was added in pyOpenSSL 0.11 apparently
* Add signing capability detection to module_utils.crypto.basic
* Rework feature detection of signature types.
* Rename parameters to match other modules
* Add initial version of integration tests
* fix whitespace in tests
* More whitespace fixes
* small fixes for issues in testing
* Organize integration tests as test matrix
* another indentation fix to make pep8 happy
* use openssl pkeyutl when possible, otherwise fall back to openssl dgst
* More linter fixes
* openssl pkeyutl -help can apparently return 1
* ignore errors on openssl call and another try at formatting
* Remove the OpenSSL calls in tests
* Add collection name to deprecation notice and deprecate at version 2.0.0
* Exclude Ed448/25519 tests on pyopenssl
* revert the collection name in the deprecation notice (breaks 2.9)
* limit test platforms even more
* disable FreeBSD DSA and ECC tests
* Add module name to README
* rewrite and split into 2 modules instead
* add module to README and fix whitespace issue
* remove duplicated tests
* address review remarks
* resolve another comment
* acme_account: add support for External Account Binding.
* Add changelog fragment.
* Error if externalAccountRequired is set in ACME directory meta, but external account data is not provided.
* Validate that EAB key is Base64URL encoded.
* Improve documentation.
* Add padding to Base64 encoded key if necessary.
* Make account creation idempotent with ZeroSSL.
This adds the parameter pkcs11_provider, which can be set to the name of
or path to a PKCS#11 library (e.g. libpkcs11.so). ssh-keygen will then
use this library to have the token make any required signatures.
If this is used, signing_key needs to be set to a file containing the
public key that matches the private key on the token.
* Fix CI test groups.
* Make files more similar.
* Run most tests in both cloud and OS-specific environments.
* Run ACME tests in both cloud and OS-specific environments.
* Use different Python version for 2.9 cloud test.
* Revert "Run ACME tests in both cloud and OS-specific environments."
This reverts commit 967bda9438.
* Revert "Run most tests in both cloud and OS-specific environments."
This reverts commit 6e9f090afd.
* get_certificate - Add support of SNI
For python versions supporting `create_default_context` support SNI by using low-level
SSLContext.wrap_socket().getpeercert().
Add also more information in the error message
fixes#69
* Make sure default CA certificates are not loaded when ca_cert is specified.
* Refactor to combine common code.
* Update changelogs/fragments/get_certificate-add_support_for_SNI.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add unit tests and cloud on python 2.6
* Add all python 3.x we support
Co-authored-by: Felix Fontein <felix@fontein.de>
* disable 3.5 because of acme_inspect
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
selfsigned_not_after and ownca_not_after values for macOS 10.15,
can be +825d. Updated the docs accordingly.
Migrated from ansible/ansible#64563
Thanks to Sironheart
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Improve changelog generator config.
* We don't have docs at that URL.
* Require Ansible(-base) 2.9.10 or newer.
Needed for deprecation syntax.
* Update all deprecations from Ansible 2.1x to community.crypto 2.0.0.
* Forgot to check in fixes.
* Shorten lines.
* Fix unit test requirements.
* Fix YAML strings which only had a closing quote.
* Galaxy neither likes uppercase nor spaces in tags.
* General README improvements.
* Add roadmap section to README.
* Next release will be 1.0.0.
* Extend using instructions.
* Tags with dashes are also not allowed.
* Fix changelog link.
* Support otherName in subAltName in CSR for UTF8 strings
* Remove uneeded docs and added changelog fragment
* Missed a merge conflict
* Fix up sanity issues and added test expectation
* Rename function
* Prepare extra sanity tests.
* Run some extra sanity tests.
* Linting.
* Experimenting
* Linting.
* Run tests in docker container.
* Improve run code.
* Use requests instead of Ansible code (which needs to be installed first).
* Refactor and add more debugging.
* More ls.
* More ls.
* More ls in container.
* Copy cwd into container.
* Improve container handling.
* Make tests configurable.
* Using proper argument parser.
* Add colors.
* Allow to disable test.
* Always run all tests for now. (Change detection needs to know about git I think).
* Use argument parser for main executable. Force colors for CI.
* Allow to specify targets.
* Linting.
* Switch to ansibulled-changelog.
* Use runner from community.internal_test_tools (current dev branch for runner).
* Clone official repository instead of my fork/branch.
Felix Fontein
Markus Teufelberger
Patrick Pichler
Arnoways
s-hamann
Olivier Clavel
Baptiste Mille-Mathias
Abhijeet Kasurde
Jordan Borean
Toshio Kuratomi
Sloane Hertel
Lucas Hoffmann
Andrew Klychkov