openssl_csr: idempotency doesn't work correctly for keyUsage #50361

Merged
merged 3 commits into from Jan 3, 2019


felixfontein

SUMMARY

The idempotency check for keyUsage can only distinguish between no keyUsage specified, and something specified as keyUsage. The problem is that the given values (extension and keyUsage module option) are converted to NIDs via OpenSSL._util.lib.OBJ_txt2nid(), which returns 0 for all valid keyUsage values. So the resulting integer sets are either empty, or consist of a single entry 0.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

openssl_csr
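
The collapse described in the summary, as an added example that is not part of the pull request or the module's code: `fake_txt2nid` is a hypothetical stand-in for `OBJ_txt2nid()` that models only the behaviour stated above (0 for every keyUsage name), and `name_set` is one assumed alternative comparison key, not necessarily the one the merged fix uses. The sample values are constructed.

```python
# Added illustration; not code from the Ansible module or from pyOpenSSL.

# Stand-in for OBJ_txt2nid(): it returns 0 for anything that is not a
# registered object, which includes every keyUsage name. The two entries
# below are constructed so the table is not empty.
CONSTRUCTED_OBJECTS = {"serverAuth": 129, "clientAuth": 130}

def fake_txt2nid(name):
    return CONSTRUCTED_OBJECTS.get(name, 0)

# keyUsage names as written in OpenSSL config -> the form OpenSSL prints.
KEY_USAGE_LONG = {
    "digitalSignature": "Digital Signature",
    "nonRepudiation": "Non Repudiation",
    "keyEncipherment": "Key Encipherment",
    "dataEncipherment": "Data Encipherment",
    "keyAgreement": "Key Agreement",
    "keyCertSign": "Certificate Sign",
    "cRLSign": "CRL Sign",
    "encipherOnly": "Encipher Only",
    "decipherOnly": "Decipher Only",
}

def nid_set(usages):
    """The comparison key the summary describes: a set of NIDs."""
    return {fake_txt2nid(u.strip()) for u in usages}

def name_set(usages):
    """Alternative key: every name normalised to its printed form."""
    known = set(KEY_USAGE_LONG.values())
    result = set()
    for usage in (u.strip() for u in usages):
        if usage in KEY_USAGE_LONG:
            result.add(KEY_USAGE_LONG[usage])
        elif usage in known:
            result.add(usage)
        else:
            raise ValueError("unknown keyUsage value: %r" % usage)
    return result

def unchanged_by_nid(requested, in_csr):
    return nid_set(requested) == nid_set(in_csr)

def unchanged_by_name(requested, in_csr):
    return name_set(requested) == name_set(in_csr)

if __name__ == "__main__":
    requested = ["digitalSignature", "keyEncipherment"]  # constructed
    in_csr = ["Key Agreement"]                           # constructed
    print(unchanged_by_nid(requested, in_csr))   # True: the change is missed
    print(unchanged_by_name(requested, in_csr))  # False: the change is seen
```

With the NID key, a CSR whose keyUsage differs from the requested one is reported as unchanged; only the step from no keyUsage to some keyUsage is detected.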

@ansibot

ansibot commented Dec 28, 2018

@ansibot ansibot added affects_2.8 This issue/PR affects Ansible v2.8 bug This issue/PR relates to a bug. community_review In order to be merged, this PR must follow the community review workflow. module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. support:community This issue/PR relates to code supported by the Ansible community. labels Dec 28, 2018
@thomwiggers thomwiggers left a comment

LGTM

@ansibot ansibot added shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. labels Jan 2, 2019
@MarkusTeufelberger

Great find!

@amenonsen amenonsen merged commit a5bf71a into ansible:devel Jan 3, 2019
@felixfontein felixfontein deleted the openssl_csr-idempotency-tests branch January 3, 2019 15:20
@felixfontein

@thomwiggers @MarkusTeufelberger thanks for your reviews!
@amenonsen thanks for merging!

felixfontein added a commit to felixfontein/ansible that referenced this pull request Jan 3, 2019
…#50361)

* Fix key usage idempotency bug.

* Extend tests.

* Add changelog.

(cherry picked from commit a5bf71a)
@sivel sivel removed the needs_triage Needs a first human triage before being processed. label Jan 4, 2019
abadger pushed a commit that referenced this pull request Jan 7, 2019
* Fix key usage idempotency bug.

* Extend tests.

* Add changelog.

(cherry picked from commit a5bf71a)
kbreit pushed a commit to kbreit/ansible that referenced this pull request Jan 11, 2019
…#50361)

* Fix key usage idempotency bug.

* Extend tests.

* Add changelog.
@dagwieers dagwieers added the crypto Crypto community (ACME, openssl, letsencrypt) label Feb 7, 2019
@ansible ansible locked and limited conversation to collaborators Jul 22, 2019