* Prepare IDNA/Unicode conversion code. Use to normalize input.
* Use IDNA library first (IDNA2008) and Python's IDNA2003 implementation as a fallback.
* Make sure idna is installed.
* Add changelog fragment.
* 'punycode' → 'idna'.
* Add name_encoding options and tests.
* Avoid invalid character for IDNA2008.
* Linting.
* Forgot to upate value.
* Work around cryptography bug. Fix port handling for URIs.
* Forgot other place sensitive to cryptography bug.
* Forgot one. (Will likely still fail.)
* Decode IDNA in _compress_entry() to avoid comparison screw-ups.
* Work around Python 3.5 problem in Ansible 2.9's default test container.
* Update changelog fragment.
* Fix error, add tests.
* Python 2 compatibility.
* Update requirements.
* Fix empty check for openssl_pkcs12 tests.
* Remove unnecessary imports.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
Read and write work queue significantly degrades performance on
SSD/NVME devices[1].
In Debian 11 crypttab does not support no-read-workqueue and
no-write-workqueue flags, so the persistent flag is workaround: once
opened with perf parameters persists forever.
[1] https://blog.cloudflare.com/speeding-up-linux-disk-encryption/
Signed-off-by: Yauhen Artsiukhou <jsirex@gmail.com>
* Document OpenSSH 7.7 required for validity always
* Document cert start time option for OpenSSH <7.7
* Improve language of "always" time support
* Update language on `always` to suggested
* Fix indetation
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
* Add basic crypto_info module.
* Improve check.
* Actually test capabilities.
* Also output EC curve list.
* Fix detections.
* Ed25519 and Ed448 are not supported on FreeBSD 12.1.
* Refactor.
* Also retrieve information on the OpenSSL binary.
* Improve splitting.
* Update plugins/modules/crypto_info.py
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Replace list by tuple.
Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typo.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
* Add warning that ASN.1 encoded extension values returned by some modules might not reflect the exact byte sequence in the source file anymore depending on the cryptography version.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove assertonly backend.
* Remove assertonly tests.
* The expired test is basically a test of assertonly.
* Replace assertonly verification by _info + assert.
* Remove Ubuntu 16.04 (Xenial Xerus) from CI.
* Removing PyOpenSSL backend from everywhere but openssl_pkcs12.
* Remove PyOpenSSL support from module_utils that's not needed for openssl_pkcs12.
* Add changelog fragment.
* Initial commit
* Matching tests to overwritten permissions behavior with cryptography
* Ensuring key validation only occurs when state=present and accomodating CentOS6 restrictions
* Making ssh-keygen behavior explicit by version in tests
* Ensuring cyrptography not excluded in new conditions
* Adding changelog fragment
* Fixing sanity checks
* Improving readability
* Applying review suggestions
* addressing restore_on_failure conflict
* Initial commit
* Fixing unit tests
* More unit fixes
* Adding changelog fragment
* Minor refactor in Certificate.generate()
* Addressing option case-sensitivity and directive overrides
* Renaming idempotency to regenerate
* updating changelog
* Minor refactoring of default options
* Cleaning up with inline functions
* Fixing false failures when regenerate=fail and improving clarity
* Applying second round of review suggestions
* adding helper for safe atomic moves
Use of the confusingly-named _permissions_changed() on both
sides of an `or` was resulting in the second invocation not
being reached if the first invocation returned True, which it
does any time it applied custom attributes to the private key.
As a result, custom file attributes were only ever being
applied to the private key (except in one specific case)
This is fixed by explicitly updating attributes of both files
before checking if changes have been made.
Signed-off-by: Charlie Wheeler-Robinson <cwheeler@redhat.com>
* Initial commit
* Fixing units
* Adding changelog fragment
* Enhanced encapsulation of certificate data
* Avoiding failure when path is not parseable
* Diff refactor
* Applying initial review suggestions
* Refactoring openssh_keypair for multiple backends
* Fixing cryptography backend validations
* Simplifying conditionals and excess variable assignments
* Fixing docs and adding cleanup for integration tests
* Fixing docs and public key validation bugs in crypto backend
* Enhancing cryptogagraphy utils to raise OpenSSHErrors when file not found
* Adding missed copyright and cleanup for idempotency test keys
* Fixing doc style
* Readding crypto/openssh for backwards compatibility
* Adding changelog fragment and final simplifications of conditional statements
* Applied initial review suggestions
* Add diff support to openssl_privatekey.
* Add diff support to openssl_csr.
* Add diff support to x509_crl.
* Add diff support to x509_certificate.
* Add diff support to openssl_publickey.
* Add changelog fragment.
* Prefer one fingerprint for diff infos to reduce noise.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Began refactoring.
* Continue.
* Factor PyOpenSSL backend out.
* Add basic cryptography backend.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Only run tests when new enough pyOpenSSL or cryptography is around.
* Reduce required pyOpenSSL version from 17.1.0 to 0.15.
I have no idea why 17.1.0 was there (in the tests), and not something smaller.
The module itself did not mention any version.
* Linting.
* Linting.
* Increase compatibility by selecting pyopenssl backend when iter_size or maciter_size is used.
* Improve docs, add changelog fragment.
* Move hackish code to cryptography_support.
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Update plugins/modules/openssl_pkcs12.py
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Streamline cert creation.
* Convert range to list.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Return more public key information.
* Make sure bit size is converted to int first.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Remove no longer necessary code.
* Use correct return value's name.
* Add trailing commas.
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
* Add openssl_publickey_info module. Share code between openssl_privatekey_info and the new module, and improve documentation of it.
* Move public key loading to support module.
* Require pyOpenSSL 16.0.0 for public key loading.
* Linting.
* Apply suggestions from code review
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
Felix Fontein
Yauhen
bluikko
Andrew Pantuso
JochenKorge
Jasmine Hegman
Charlie Wheeler-Robinson