* Do not crash when PKCS#12 file contains no private key and/or main certificate.
* Add changelog fragment.
* Call getters only once each, check explicitly for None.
* Add test.
* Also 'parse' correctly PKCS#12 file with no private key.
* Increase # of bits for random serial numbers of certificates with PyOpenSSL backend.
* Adjust algorithm to return a random number between 1000 and 2^160-1.
* Use module_utils from collection, clean up code a bit
* add DSA keys, because why not...
* sign/verify was added in pyOpenSSL 0.11 apparently
* Add signing capability detection to module_utils.crypto.basic
* Rework feature detection of signature types.
* Rename parameters to match other modules
* Add initial version of integration tests
* fix whitespace in tests
* More whitespace fixes
* small fixes for issues in testing
* Organize integration tests as test matrix
* another indentation fix to make pep8 happy
* use openssl pkeyutl when possible, otherwise fall back to openssl dgst
* More linter fixes
* openssl pkeyutl -help can apparently return 1
* ignore errors on openssl call and another try at formatting
* Remove the OpenSSL calls in tests
* Add collection name to deprecation notice and deprecate at version 2.0.0
* Exclude Ed448/25519 tests on pyopenssl
* revert the collection name in the deprecation notice (breaks 2.9)
* limit test platforms even more
* disable FreeBSD DSA and ECC tests
* Add module name to README
* rewrite and split into 2 modules instead
* add module to README and fix whitespace issue
* remove duplicated tests
* address review remarks
* resolve another comment
* acme_account: add support for External Account Binding.
* Add changelog fragment.
* Error if externalAccountRequired is set in ACME directory meta, but external account data is not provided.
* Validate that EAB key is Base64URL encoded.
* Improve documentation.
* Add padding to Base64 encoded key if necessary.
* Make account creation idempotent with ZeroSSL.
This adds the parameter pkcs11_provider, which can be set to the name of
or path to a PKCS#11 library (e.g. libpkcs11.so). ssh-keygen will then
use this library to have the token make any required signatures.
If this is used, signing_key needs to be set to a file containing the
public key that matches the private key on the token.
* Fix CI test groups.
* Make files more similar.
* Run most tests in both cloud and OS-specific environments.
* Run ACME tests in both cloud and OS-specific environments.
* Use different Python version for 2.9 cloud test.
* Revert "Run ACME tests in both cloud and OS-specific environments."
This reverts commit 967bda9438.
* Revert "Run most tests in both cloud and OS-specific environments."
This reverts commit 6e9f090afd.
* get_certificate - Add support of SNI
For python versions supporting `create_default_context` support SNI by using low-level
SSLContext.wrap_socket().getpeercert().
Add also more information in the error message
fixes#69
* Make sure default CA certificates are not loaded when ca_cert is specified.
* Refactor to combine common code.
* Update changelogs/fragments/get_certificate-add_support_for_SNI.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add unit tests and cloud on python 2.6
* Add all python 3.x we support
Co-authored-by: Felix Fontein <felix@fontein.de>
* disable 3.5 because of acme_inspect
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
selfsigned_not_after and ownca_not_after values for macOS 10.15,
can be +825d. Updated the docs accordingly.
Migrated from ansible/ansible#64563
Thanks to Sironheart
Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
* Improve changelog generator config.
* We don't have docs at that URL.
* Require Ansible(-base) 2.9.10 or newer.
Needed for deprecation syntax.
* Update all deprecations from Ansible 2.1x to community.crypto 2.0.0.
* Forgot to check in fixes.
* Shorten lines.
* Fix unit test requirements.
* Fix YAML strings which only had a closing quote.
* Galaxy neither likes uppercase nor spaces in tags.
* General README improvements.
* Add roadmap section to README.
* Next release will be 1.0.0.
* Extend using instructions.
* Tags with dashes are also not allowed.
* Fix changelog link.
* Support otherName in subAltName in CSR for UTF8 strings
* Remove uneeded docs and added changelog fragment
* Missed a merge conflict
* Fix up sanity issues and added test expectation
* Rename function
Felix Fontein
Andrew Klychkov
Markus Teufelberger
Patrick Pichler
Arnoways
s-hamann
Olivier Clavel
Baptiste Mille-Mathias
Abhijeet Kasurde
Jordan Borean
Toshio Kuratomi
Sloane Hertel