Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openssl_certificate: fix passphrase handling for cryptography backend #56155

Merged
merged 5 commits into from May 8, 2019
Merged

openssl_certificate: fix passphrase handling for cryptography backend #56155

merged 5 commits into from May 8, 2019

Conversation

felixfontein
Copy link
Contributor

SUMMARY

When creating selfsigned certificates with a private key passphrase (or probably also OwnCA certificates where the OwnCA key is passphrase protected), the module fails incorrectly when used with the cryptography backend. Fixes #55495.

I've added tests to prevent this in the future (I also extended them for openssl_csr).

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

openssl_certificate

@felixfontein felixfontein mentioned this pull request May 7, 2019
Closed
@ansibot
Copy link
Contributor

ansibot commented May 7, 2019

cc @MarkusTeufelberger @Shaps @Spredzy @Xyon @puiterwijk @resmo
click here for bot help

@ansibot ansibot added affects_2.9 This issue/PR affects Ansible v2.9 bug This issue/PR relates to a bug. community_review In order to be merged, this PR must follow the community review workflow. crypto Crypto community (ACME, openssl, letsencrypt) needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. test This PR relates to tests. labels May 7, 2019
@Shaps
Copy link
Contributor

Shaps commented May 7, 2019

shipit

@ansibot ansibot added shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. needs_triage Needs a first human triage before being processed. labels May 7, 2019
@felixfontein
Copy link
Contributor Author

shipit

@ansibot ansibot added the automerge This PR was automatically merged by ansibot. label May 8, 2019
@ansibot ansibot merged commit 7a957ba into ansible:devel May 8, 2019
@felixfontein
Copy link
Contributor Author

@Shaps thanks for reviewing this!

felixfontein added a commit to felixfontein/ansible that referenced this pull request May 8, 2019
@felixfontein
openssl_certificate: fix passphrase handling for cryptography backend (
0351a2f 
…ansible#56155)

* Make sure passphrase is bytes string.

* Fix typo.

* Add more passphrase tests.

* Fix test names.

* Add changelog.

(cherry picked from commit 7a957ba)
@felixfontein felixfontein deleted the openssl_certificate-password branch May 8, 2019 04:01
@felixfontein felixfontein mentioned this pull request May 8, 2019
Merged
abadger pushed a commit that referenced this pull request May 21, 2019
@felixfontein @abadger
openssl_certificate: fix passphrase handling for cryptography backend (
a07ed85 
…#56155)

* Make sure passphrase is bytes string.

* Fix typo.

* Add more passphrase tests.

* Fix test names.

* Add changelog.

(cherry picked from commit 7a957ba)
@ansible ansible locked and limited conversation to collaborators Aug 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
affects_2.9 This issue/PR affects Ansible v2.9 automerge This PR was automatically merged by ansibot. bug This issue/PR relates to a bug. crypto Crypto community (ACME, openssl, letsencrypt) shipit This PR is ready to be merged by Core support:community This issue/PR relates to code supported by the Ansible community. test This PR relates to tests.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

openssl_certificate fails when using passphrase
3 participants
@felixfontein @ansibot @Shaps