wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

openssl_certificate: make subject-alt-name identifier conistent with openssl_csr (#30151)

Browse source
This commit is contained in:
Christian Pointner 2017-09-13 11:06:23 +02:00 committed by ansibot
parent 442af3744e
commit 1fe5171f1a
1 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
lib/ansible/modules/crypto/openssl_certificate.py
View file

@ -542,11 +542,11 @@ class AssertOnlyCertificate(Certificate):
for extension_idx in range(0, self.cert.get_extension_count()):
extension = self.cert.get_extension(extension_idx)
if extension.get_short_name() == 'subjectAltName':
l_subjectAltName = [altname.replace('IP', 'IP Address') for altname in self.subjectAltName]
if (not self.subjectAltName_strict and not all(x in str(extension).split(', ') for x in l_subjectAltName)) or \
(self.subjectAltName_strict and not set(l_subjectAltName) == set(str(extension).split(', '))):
l_altnames = [altname.replace('IP Address', 'IP') for altname in str(extension).split(', ')]
if (not self.subjectAltName_strict and not all(x in l_altnames for x in self.subjectAltName)) or \
(self.subjectAltName_strict and not set(self.subjectAltName) == set(l_altnames)):
self.message.append(
'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (str(extension).split(', '), l_subjectAltName)
'Invalid subjectAltName component (got %s, expected all of %s to be present)' % (l_altnames, self.subjectAltName)
)
def _validate_notBefore():