wbrawner/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix _validate_csr_subject and _validate_csr_signature (#62790)

Browse source 
On python 3, if there is no explicit "return True", the
function call will be seen as "False", thus failling the module

(cherry picked from commit 75c4e9ec05)
This commit is contained in:
Michael Scherer 2019-09-29 16:17:38 +02:00 committed by Toshio Kuratomi
parent de4d3dc34d
commit 25ff3d491a
2 changed files with 4 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/62790-openssl_certificate_fix_assert.yml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- "openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors."

6
lib/ansible/modules/crypto/openssl_certificate.py
View file

@ -1861,12 +1861,10 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
def _validate_csr_signature(self):
if not self.csr.is_signature_valid:
return False
if self.csr.public_key().public_numbers() != self.cert.public_key().public_numbers():
return False
return self.csr.public_key().public_numbers() == self.cert.public_key().public_numbers()
def _validate_csr_subject(self):
if self.csr.subject != self.cert.subject:
return False
return self.csr.subject == self.cert.subject
def _validate_csr_extensions(self):
cert_exts = self.cert.extensions