openssl_privatekey breaks in FIPS mode #67213
Labels: affects_2.9, bug, crypto, has_pr, module, performance, python3, support:community, traceback
SUMMARY
When attempting to create an openssl key on a system in FIPS mode, the module crashes with error:
Module attempts to fingerprint key using all listed algorithms, even though some of them are forbidden by FIPS. In particular, md5 does not work.
ISSUE TYPE
COMPONENT NAME
ANSIBLE VERSION
CONFIGURATION
OS / ENVIRONMENT
STEPS TO REPRODUCE
Target system was RHEL 7 with FIPS mode enabled.
Playbook:
EXPECTED RESULTS
changed: true
failed: false
File /tmp/foo exists and contains a private key in PEM format.
ACTUAL RESULTS
Module crashes with FIPS specific error.
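The failure mode reported above, as an added example that is not Ansible's code or part of the original report: fingerprinting with every listed hash algorithm while skipping the ones the crypto backend refuses. `fingerprint_bytes` and `fips_blocked_factory` are hypothetical names, and the FIPS refusal is simulated with a constructed `ValueError` so the example also runs on a non-FIPS host.

```python
import hashlib


def fips_blocked_factory(blocked):
    """Constructed stand-in for a FIPS-enabled backend: refuses the named digests."""
    def factory(name, data):
        if name in blocked:
            # Assumption: a disabled digest surfaces as ValueError, as hashlib
            # does when OpenSSL rejects an algorithm. The message is constructed.
            raise ValueError("disabled for FIPS (constructed message)")
        return hashlib.new(name, data)
    return factory


def fingerprint_bytes(data, algorithms=None, factory=hashlib.new):
    """Return (fingerprints, skipped) for data.

    fingerprints maps algorithm name to a colon-separated hex digest.
    skipped lists the algorithms the backend refused, so the caller can
    report them instead of crashing on the first forbidden one.
    """
    if algorithms is None:
        algorithms = sorted(hashlib.algorithms_guaranteed)
    fingerprints, skipped = {}, []
    for name in algorithms:
        try:
            h = factory(name, data)
        except ValueError:
            skipped.append(name)  # e.g. md5 on a FIPS-mode host
            continue
        try:
            raw = h.digest()
        except TypeError:
            raw = h.digest(32)  # SHAKE digests need an explicit output length
        fingerprints[name] = ":".join("%02x" % b for b in raw)
    return fingerprints, skipped


if __name__ == "__main__":
    sample = b"constructed sample key bytes"  # constructed input, not a real key
    fps, skipped = fingerprint_bytes(sample, factory=fips_blocked_factory({"md5"}))
    print("skipped:", skipped)
    print("sha256:", fps["sha256"])
```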