From 1fe5171f1a48759e6ee99adf945213c128c33f44 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 13 Sep 2017 11:06:23 +0200 Subject: [PATCH] openssl_certificate: make subject-alt-name identifier conistent with openssl_csr (#30151) --- lib/ansible/modules/crypto/openssl_certificate.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py index b42f6c227b..b2d7ca4b05 100644 --- a/lib/ansible/modules/crypto/openssl_certificate.py +++ b/lib/ansible/modules/crypto/openssl_certificate.py @@ -542,11 +542,11 @@ class AssertOnlyCertificate(Certificate): for extension_idx in range(0, self.cert.get_extension_count()): extension = self.cert.get_extension(extension_idx) if extension.get_short_name() == 'subjectAltName': - l_subjectAltName = [altname.replace('IP', 'IP Address') for altname in self.subjectAltName] - if (not self.subjectAltName_strict and not all(x in str(extension).split(', ') for x in l_subjectAltName)) or \ - (self.subjectAltName_strict and not set(l_subjectAltName) == set(str(extension).split(', '))): + l_altnames = [altname.replace('IP Address', 'IP') for altname in str(extension).split(', ')] + if (not self.subjectAltName_strict and not all(x in l_altnames for x in self.subjectAltName)) or \ + (self.subjectAltName_strict and not set(self.subjectAltName) == set(l_altnames)): self.message.append( - 'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (str(extension).split(', '), l_subjectAltName) + 'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (l_altnames, self.subjectAltName) ) def _validate_notBefore():