* Use timezone aware functionality when using cryptography >= 42.0.0.
* Adjust OpenSSH certificate code to avoid functions deprecated in Python 3.12.
* Strip timezone info from isoformat() output.
* InvalidityDate.invalidity_date currently has no _utc variant.
* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typo.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
* Use new PKCS#12 deserialization code from cryptography 36.0.0 if available.
* Refactor into smaller functions.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
* Add some workarounds for cryptography 35.0.0.
* Make fix work with very old cryptography versions as well (which supported multiple backends).
* [TEMP] Disable openssl_pkcs12 tests to see whether everything else works.
* Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works."
This reverts commit 3f905bc795.
* Add changelog fragment.
* Remove unnecessary assignment.
* Simplify code change.
* [TEMP] Disable openssl_pkcs12 tests to see whether everything else works.
* Revert "[TEMP] Disable openssl_pkcs12 tests to see whether everything else works."
This reverts commit fdb210528e.
* Adjust dirName serialization to RFC 4514.
* Adjust deserialization to RFC 4514.
* Add changelog fragment.
* Use Unicode strings, and work around Python 2 and Python 3 differences and problems with old cryptography versions.
* Work with bytes, not Unicode strings, to handle escaping of Unicode endpoints correctly.
* Began refactoring.
* Continue.
* Factor PyOpenSSL backend out.
* Add basic cryptography backend.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Only run tests when new enough pyOpenSSL or cryptography is around.
* Reduce required pyOpenSSL version from 17.1.0 to 0.15.
I have no idea why 17.1.0 was there (in the tests), and not something smaller.
The module itself did not mention any version.
* Linting.
* Linting.
* Increase compatibility by selecting pyopenssl backend when iter_size or maciter_size is used.
* Improve docs, add changelog fragment.
* Move hackish code to cryptography_support.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Streamline cert creation.
* Convert range to list.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Improve error messages for name decoding (not all names appear in SANs).
* Refactor DN parsing, add relative DN parsing code.
* Allow to specify CRL distribution points.
* Add changelog fragment.
* Fix typo.
* Make sure value argument to x509.NameAttribute is a text.
* Update changelogs/fragments/167-openssl_csr-crl-distribution-points.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add example.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Support otherName in subAltName in CSR for UTF8 strings
* Remove uneeded docs and added changelog fragment
* Missed a merge conflict
* Fix up sanity issues and added test expectation
* Rename function
Felix Fontein
Jordan Borean