* Move acme.py to acme/__init__.py to prepare splitup.
* Began moving generic code out.
* Creating backends.
* Update unit tests.
* Move remaining new code out.
* Use new interface.
* Rewrite module init code.
* Add changelog.
* Add BackendException for crypto backend errors.
* Improve / uniformize ACME error reporting.
* Create ACMELegacyAccount for backwards compatibility.
* Split up ACMEAccount into ACMEClient and ACMEAccount.
* Move get_keyauthorization into module_utils.acme.challenges.
* Improve error handling.
* Move challenge and authorization handling code into module_utils.
* Add split_identifier helper.
* Move order code into module_utils.
* Move ACME v2 certificate handling code to module_utils.
* Fix/move ACME v1 certificate retrieval to module_utils as well.
* Refactor alternate chain handling code by splitting it up into simpler functions.
* Make chain matcher creation part of backend.
* Use B(...) instead of RST formatting (which does not work for options).
* Improve the documentation on acme_directory.
It now mentions the ACME v1 deprecation for Let's Encrypt,
and mentions that ZeroSSL works.
* Improve ACME module documentation.
* Update plugins/doc_fragments/acme.py
* Rename identify.py to pem.py.
* Move split PEM list code to pem.py crypto module_utils.
* Extend and use global certificate splitting code in acme_certificate.
* openssl_pkcs12: allow to load multiple certificates from files mentioned in other_certificates.
* Add changelog and module_utils redirect.
* Remove old check.
* Fix typo.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add example.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Improve error messages for name decoding (not all names appear in SANs).
* Refactor DN parsing, add relative DN parsing code.
* Allow to specify CRL distribution points.
* Add changelog fragment.
* Fix typo.
* Make sure value argument to x509.NameAttribute is a text.
* Update changelogs/fragments/167-openssl_csr-crl-distribution-points.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Add example.
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Allow to configure PBKDF.
* Also add PBKDF options to key add operation.
* Simplify code.
* Update plugins/modules/luks_device.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Fix indent.
* Use more of the options.
* Bump iteration count.
* Increase memory limit.
* Fall back to default PBKDF.
* Apply suggestions from code review
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Added sever name option to use for SNI
* cleanup code
Co-authored-by: Felix Fontein <felix@fontein.de>
* added module version for new parameter
Co-authored-by: Felix Fontein <felix@fontein.de>
* added SNI explanation
Co-authored-by: Felix Fontein <felix@fontein.de>
* added SNI link to module description
* linting
* cleanup code
* Update plugins/modules/get_certificate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* integration test for SNI server_name option
Co-authored-by: Felix Fontein <felix@fontein.de>
* Improve openssh_* tests.
* Use 2048 instead of 4096 bit keys in many places.
ci_complete
* Parameterize default RSA key length for tests.
* Reduce default RSA key size to 1024.
ci_complete
* Fix error.
ci_complete
* Use variable more often.
* Use 2048 bits for RSA keys for certificates on RHEL8 and CentOS8.
ci_complete
* Fix missing constant.
ci_complete
* Print default key sizes.
* openssl_pkcs12: Add a check for parsed pkcs12 files
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Add changelog fragment
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* openssl_pkcs12: Report changed state when a pkcs12 file is dumped
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Add a basic test for dumping a pkcs12 file
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Update changelog fragment
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Add test for dumped pkcs12 file in check mode
Signed-off-by: Norman Ziegner <norman.ziegner@ufz.de>
* Fix example in docs, and make sure to wipe result variable.
* Update plugins/modules/openssl_privatekey_pipe.py
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
* Improve error handling in support code for cryptography backend.
* Update changelogs/fragments/139-improve-error-handling.yml
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
Felix Fontein
Ed Schaller
Orosz Dávid
NorthFuture
AutumnalAntlers
Andrew Klychkov
John R Barker
Norman Ziegner