Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[2.8] openssl_privatekey: forgot to add secp256r1 #58610

Merged
merged 1 commit into from Jul 16, 2019

Conversation

Projects
None yet
3 participants
@felixfontein
Copy link
Contributor

commented Jul 1, 2019

SUMMARY

Backport of #58605 to stable-2.8.

I'm not sure whether this really counts as a bugfix, or is more a feature request, since this adds a new curve. Since the original intend of elliptic curve support was to cover the most important curves, this one should have really been there in the first place. Mentioning secp256k1 instead of secp256r1 as most interoperable is definitely a bug: secp256r1 and secp384r1 are the only elliptic curves supported by almost all browsers (excluding too old ones), while secp256k1 usually isn't supported. (For example, both Chrome 49 and IE11 only support these two curves, while Firefox 47 and Safari 7 additionally support secp521r1; search for "named groups" in the links for details. Safari 10 still supports no other groups, so even with more modern browsers one still is stuck with these two curves.)

So I'd argue for this to be a bugfix. In the PR, @MarkusTeufelberger also agreed to this.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

openssl_privatekey

openssl_privatekey: forgot to add secp256r1 (#58605)
* Forgot to add secp256r1. This one is the interoperable one.

* Add changelog.

(cherry picked from commit 5d5a7d6)
@ansibot

This comment has been minimized.

Copy link
Contributor

commented Jul 1, 2019

@abadger

This comment has been minimized.

Copy link
Member

commented Jul 16, 2019

Yeah, this is on the edge. Since the module is preview, community and the code change is extremely minimal (just adding one more allowed choice) I'll go along with the maintainers' decision here that we can consider this a bugfix.

@abadger

This comment has been minimized.

Copy link
Member

commented Jul 16, 2019

Merged for the 2.8.3 release.

@ansibot ansibot removed the needs_triage label Jul 16, 2019

@abadger abadger merged commit dd758f5 into ansible:stable-2.8 Jul 16, 2019

1 check passed

Shippable Run 130372 status is SUCCESS.
Details

@felixfontein felixfontein deleted the felixfontein:backport/2.8/58605 branch Jul 16, 2019

@felixfontein

This comment has been minimized.

Copy link
Contributor Author

commented Jul 16, 2019

@abadger thanks for merging this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.