From b17c07f75ed00e5c2a9c4e040307d88f2be25006 Mon Sep 17 00:00:00 2001 From: Vlad Orlov Date: Mon, 6 May 2024 02:53:06 +0200 Subject: [PATCH 1/2] fix openssl --- roles/strongswan/tasks/openssl.yml | 16 ++++++++++++++++ users.yml | 1 + 2 files changed, 17 insertions(+) diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml index f51ac9dd0..a454a844b 100644 --- a/roles/strongswan/tasks/openssl.yml +++ b/roles/strongswan/tasks/openssl.yml @@ -155,10 +155,25 @@ format: OpenSSH with_items: "{{ users }}" + - name: Get OpenSSL version + shell: | + set -o pipefail + {{ openssl_bin }} version | + cut -f 2 -d ' ' + args: + executable: bash + register: ssl_version + run_once: true + + - name: Set OpenSSL version fact + set_fact: + openssl_version: "{{ ssl_version.stdout }}" + - name: Build the client's p12 shell: > umask 077; {{ openssl_bin }} pkcs12 + {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }} -in certs/{{ item }}.crt -inkey private/{{ item }}.key -export @@ -175,6 +190,7 @@ shell: > umask 077; {{ openssl_bin }} pkcs12 + {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }} -in certs/{{ item }}.crt -inkey private/{{ item }}.key -export diff --git a/users.yml b/users.yml index e9e8c0868..3595db116 100644 --- a/users.yml +++ b/users.yml @@ -27,6 +27,7 @@ [{% for i in _configs_list.files %} {% set config = lookup('file', i.path)|from_yaml %} '{{ config.server }}' + '{{ config.IP_subject_alt_name }}' {{ ',' if not loop.last else '' }} {% endfor %}] From 75709948cb6e65f387c9a1d1db9b5fbe0e781015 Mon Sep 17 00:00:00 2001 From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com> Date: Thu, 9 May 2024 19:37:03 -0600 Subject: [PATCH 2/2] Update openssl.yml --- roles/strongswan/tasks/openssl.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml index a454a844b..f51a74dc3 100644 
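Review bot: The `-legacy` decision added in the `@@ -155,10 +155,25 @@` hunk keys only on the second field of `{{ openssl_bin }} version`, so any build that prints a 3.x number in that position is treated as OpenSSL 3. LibreSSL reports itself as `LibreSSL 3.x` and, as far as I know, its `pkcs12` command has no `-legacy` option, so the export would fail on such a host. Keep the product name by dropping the `cut`, set `openssl_version: "{{ ssl_version.stdout.split(' ')[1] }}"`, and gate the flag with `{{ (ssl_version.stdout is match('OpenSSL ') and openssl_version is version('3', '>=')) | ternary('-legacy', '') }}`; the same expression is repeated in the `@@ -175,6 +190,7 @@` hunk. The probe task only reads a version, so `changed_when: false` would stop it reporting a change on every run. Both pkcs12 tasks start or end outside the hunks.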
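Review bot: Nothing in the `@@ -175,6 +190,7 @@` hunk, or in the pkcs12 task of the hunk above, records why `-legacy` is passed or what it costs. Under OpenSSL 3 that mode loads the legacy provider and uses the older PKCS#12 defaults (3DES for the key, RC2 or 3DES for the certificate) instead of AES-256-CBC with PBKDF2, so the exported client key is less well protected at rest. I would add a comment above each pkcs12 task such as `# -legacy: OpenSSL 3 default PKCS#12 encryption is presumably not importable by some clients; legacy mode uses weaker PBE, so the .p12 and its password must stay protected`. The compatibility reason is inferred, since the commit message only says "fix openssl". The task body continues outside the hunk.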
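Review bot: The added `'{{ config.IP_subject_alt_name }}'` line in `users.yml` follows `'{{ config.server }}'` with no separator, so each loop iteration renders two adjacent quoted strings before the comma. If the rendered text is evaluated as a list literal, the two values are likely joined into one string, or the expression fails to parse. If both values are wanted per server, emit them as one element, e.g. `{{ {'server': config.server, 'IP_subject_alt_name': config.IP_subject_alt_name} }}`, and have the consumer read the two fields. Both values come from files read with `lookup('file', i.path)` and are placed inside single quotes, so a value containing a quote would also break the literal. The enclosing task and the code that consumes the list are outside this hunk.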
--- a/roles/strongswan/tasks/openssl.yml +++ b/roles/strongswan/tasks/openssl.yml @@ -156,14 +156,14 @@ with_items: "{{ users }}" - name: Get OpenSSL version - shell: | - set -o pipefail - {{ openssl_bin }} version | - cut -f 2 -d ' ' - args: - executable: bash - register: ssl_version - run_once: true + shell: | + set -o pipefail + {{ openssl_bin }} version | + cut -f 2 -d ' ' + args: + executable: bash + register: ssl_version + run_once: true - name: Set OpenSSL version fact set_fact: