* Fix empty check for openssl_pkcs12 tests.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
system packages, but cryptography 36.0.1 is already present and shadows the
one from the system packages. Since PyOpenSSL is also installed from the system
packages, there is a version mismatch between the two. Temporarily disable the
Python 3.8 tests with the 'default' image on ansible-core 2.13 until this is
resolved, or the stable-1 branch is EOL (whatever comes first).
* Regenerate certificate on CA's subject change. (#402)
(cherry picked from commit 3ebc132c03)
* Add fix for PyOpenSSL backend.
* x509_certificate: check existing certificate's signature for selfsigned and ownca provider (#407)
* Verify whether signature matches.
* Add changelog fragment.
* Forgot imports.
* Fix wrong name.
* Check whether the CA private key fits to the CA certificate. Use correct key in tests.
* Refactor code.
(cherry picked from commit 28729657ac)
* There doesn't seem a way to do this with pyOpenSSL.
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
(cherry picked from commit 11a14543c8)
Co-authored-by: Felix Fontein <felix@fontein.de>
* PyOpenSSL 22.0.0 no longer supports Python 2.7. (#387)
(cherry picked from commit 5abfe8fca9)
* Do not install PyOpenSSL from PyPi if cryptography cannot be updated - at least on FreeBSD 13.0, latest PyOpenSSL requires a cryptography upgrade, which breaks CI.
* Revert "Do not install PyOpenSSL from PyPi if cryptography cannot be updated - at least on FreeBSD 13.0, latest PyOpenSSL requires a cryptography upgrade, which breaks CI."
This reverts commit 16f9145653.
* Try another approach.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update CI matrix for Remote Devel.
* Add Python info entries.
(cherry picked from commit cd5ed011a5)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Avoid infinite loops, and double roots when root certificate was already part of chain.
* Refactor tests for readability.
(cherry picked from commit 6ee238d961)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use modules from internal_test_tools instead of stat workaround to check whether file actually changed.
* Properly add testing dependency.
(cherry picked from commit 471506c5d4)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Name test tasks in a more explicite manner
* Space test + verification blocks apart
* Apply suggestions from code review
Co-authored-by: Jens Heinrich <github.com/JensHeinrich>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 2c05221d89)
Co-authored-by: Jens Heinrich <59469646+JensHeinrich@users.noreply.github.com>
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typo.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
(cherry picked from commit a539cd6939)
The first case about ca_csr has been copy/pasted.
But in the following cases, the CSR must be the certificate csr.
(cherry picked from commit 32dab841d7)
Co-authored-by: Bruno Vernay <brunovern.a@gmail.com>
Felix Fontein
patchback[bot]
Andrew Pantuso