authorFelix Fontein <felix@fontein.de>2021-03-08 10:10:46 +0100
committerGitHub <noreply@github.com>2021-03-08 03:10:46 -0600
commitfc1f44e7944cd41dfe69df9511af082db76a1d9c (patch)
tree592834a562b2c32468dc6eeaeaee21e81a122403
parent68f32e43c1bdbfd4bec2d6923ca9b1c5a0d5ffd3 (diff)
downloadansible-fc1f44e7944cd41dfe69df9511af082db76a1d9c.tar.gz
Backport of https://github.com/ansible-collections/community.crypto/pull/180 to stable-2.9. (#73815)
-rw-r--r--changelogs/fragments/community.cryto-180-openssl-csr-basic-constraint.yml3
-rw-r--r--lib/ansible/modules/crypto/openssl_csr.py6
2 files changed, 6 insertions, 3 deletions
diff --git a/changelogs/fragments/community.cryto-180-openssl-csr-basic-constraint.yml b/changelogs/fragments/community.cryto-180-openssl-csr-basic-constraint.yml
new file mode 100644
index 0000000000..4afe2c5a5f
--- /dev/null
+++ b/changelogs/fragments/community.cryto-180-openssl-csr-basic-constraint.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - "openssl_csr - no longer fails when comparing CSR without basic constraint when ``basic_constraints`` is specified (https://github.com/ansible-collections/community.crypto/issues/179, https://github.com/ansible-collections/community.crypto/pull/180)."
diff --git a/lib/ansible/modules/crypto/openssl_csr.py b/lib/ansible/modules/crypto/openssl_csr.py
index c045f2594d..e2ffe38e02 100644
--- a/lib/ansible/modules/crypto/openssl_csr.py
+++ b/lib/ansible/modules/crypto/openssl_csr.py
@@ -911,9 +911,9 @@ class CertificateSigningRequestCryptography(CertificateSigningRequestBase):
return False
# Check criticality
if self.basicConstraints:
- if bc_ext.critical != self.basicConstraints_critical:
- return False
- return True
+ return bc_ext is not None and bc_ext.critical == self.basicConstraints_critical
+ else:
+ return bc_ext is None
def _check_ocspMustStaple(extensions):
try:
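Review bot: The two new `return` statements under `# Check criticality` now also decide whether the extension must be present, which the comment does not say. Because this comparison determines whether an existing CSR is accepted as matching or regenerated, the intent deserves a line such as `# Extension must be present exactly when basic_constraints is requested; criticality is compared only when it is present`. The `else:` after a `return` is redundant and could be dropped, so the fallthrough reads simply `return bc_ext is None`. The diffstat lists only the changelog fragment and the module, so no regression test for a CSR lacking the extension appears in this backport; one would pin the fixed behaviour. The enclosing function starts above the hunk, so how `bc_ext` is obtained is not visible here.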