diff options
author | Virgil Dupras <hsoft@hardcoded.net> | 2017-06-28 01:39:54 -0400 |
---|---|---|
committer | Rene Moser <mail@renemoser.net> | 2017-06-28 09:21:21 +0200 |
commit | e943505ab2599caadb9d966b6e805bd29b93b047 (patch) | |
tree | f29d45e34ca948772fe9cfced3035241fe209620 /lib/ansible | |
parent | 7424e1c41768da5811375de1a17c31757232582f (diff) | |
download | ansible-e943505ab2599caadb9d966b6e805bd29b93b047.tar.gz |
letsencrypt: FIX CN parsing to work with OpenSSL 1.1 (#25935)
As we can see in
https://github.com/diafygi/acme-tiny/commit/9537453586cd5124d5e4e46d78f9ed909180835d
:
CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced
whitespaces:
1.0.1: subject=/CN=example.com
1.1.0: subject=CN = example.com
This commit makes them optional.
OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence
of this fix makes us not being able to use this module on this distro.
(cherry picked from commit 9474f20f2df6e10734d81800b5b0f57ae5c834ca)
Diffstat (limited to 'lib/ansible')
-rw-r--r-- | lib/ansible/modules/web_infrastructure/letsencrypt.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ansible/modules/web_infrastructure/letsencrypt.py b/lib/ansible/modules/web_infrastructure/letsencrypt.py index 898802b8c4..15dfd2240b 100644 --- a/lib/ansible/modules/web_infrastructure/letsencrypt.py +++ b/lib/ansible/modules/web_infrastructure/letsencrypt.py @@ -529,7 +529,7 @@ class ACMEClient(object): _, out, _ = self.module.run_command(openssl_csr_cmd,check_rc=True) domains = set([]) - common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8')) + common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8')) if common_name is not None: domains.add(common_name.group(1)) subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL) |