From e943505ab2599caadb9d966b6e805bd29b93b047 Mon Sep 17 00:00:00 2001 From: Virgil Dupras Date: Wed, 28 Jun 2017 01:39:54 -0400 Subject: letsencrypt: FIX CN parsing to work with OpenSSL 1.1 (#25935) As we can see in https://github.com/diafygi/acme-tiny/commit/9537453586cd5124d5e4e46d78f9ed909180835d : CN used to be without whitespaces around the `=` but OpenSSL 1.1 introduced whitespaces: 1.0.1: subject=/CN=example.com 1.1.0: subject=CN = example.com This commit makes them optional. OpenSSL 1.1 is present on the newly-released Debian Stretch, so absence of this fix makes us not being able to use this module on this distro. (cherry picked from commit 9474f20f2df6e10734d81800b5b0f57ae5c834ca) --- lib/ansible/modules/web_infrastructure/letsencrypt.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/ansible') diff --git a/lib/ansible/modules/web_infrastructure/letsencrypt.py b/lib/ansible/modules/web_infrastructure/letsencrypt.py index 898802b8c4..15dfd2240b 100644 --- a/lib/ansible/modules/web_infrastructure/letsencrypt.py +++ b/lib/ansible/modules/web_infrastructure/letsencrypt.py @@ -529,7 +529,7 @@ class ACMEClient(object): _, out, _ = self.module.run_command(openssl_csr_cmd,check_rc=True) domains = set([]) - common_name = re.search(r"Subject:.*? CN=([^\s,;/]+)", out.decode('utf8')) + common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8')) if common_name is not None: domains.add(common_name.group(1)) subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL) -- cgit v1.2.1