diff options
author | Felix Fontein <felix@fontein.de> | 2019-11-12 02:23:54 +0100 |
---|---|---|
committer | Matt Davis <nitzmahone@users.noreply.github.com> | 2019-11-11 17:23:54 -0800 |
commit | 0846bb85d38e12208aec99b05ae586b5c5b1aae4 (patch) | |
tree | e6f264685a69718e6bf3dc9bac8c48edbe6dbdcc | |
parent | 484fd8271ec7d8ee787a95f16a4d197cf884062b (diff) | |
download | ansible-0846bb85d38e12208aec99b05ae586b5c5b1aae4.tar.gz |
Backportable subset of: openssl_csr: deprecate version option (#63432) (#63675)
Cherry-picked from ba686154b98194de04a0c37970a3b997394ab7be.
-rw-r--r-- | changelogs/fragments/63432-openssl_csr-version.yml | 2 | ||||
-rw-r--r-- | lib/ansible/modules/crypto/openssl_csr.py | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/changelogs/fragments/63432-openssl_csr-version.yml b/changelogs/fragments/63432-openssl_csr-version.yml new file mode 100644 index 0000000000..4b8858df76 --- /dev/null +++ b/changelogs/fragments/63432-openssl_csr-version.yml @@ -0,0 +1,2 @@ +bugfixes: +- "openssl_csr - a warning is issued if an unsupported value for ``version`` is used for the ``cryptography`` backend." diff --git a/lib/ansible/modules/crypto/openssl_csr.py b/lib/ansible/modules/crypto/openssl_csr.py index f9fd162f7e..ba7c7d79cb 100644 --- a/lib/ansible/modules/crypto/openssl_csr.py +++ b/lib/ansible/modules/crypto/openssl_csr.py @@ -54,6 +54,8 @@ options: version: description: - The version of the certificate signing request. + - "The only allowed value according to L(RFC 2986,https://tools.ietf.org/html/rfc2986#section-4.1) + is 1." type: int default: 1 force: @@ -653,6 +655,8 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase): def __init__(self, module): super(CertificateSigningRequestCryptography, self).__init__(module) self.cryptography_backend = cryptography.hazmat.backends.default_backend() + if self.version != 1: + module.warn('The cryptography backend only supports version 1. (The only valid value according to RFC 2986.)') def _generate_csr(self): csr = cryptography.x509.CertificateSigningRequestBuilder() |