From 25ff3d491a0e606755eb96a6e177a190ff06351f Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Sun, 29 Sep 2019 16:17:38 +0200 Subject: [PATCH] Fix _validate_csr_subject and _validate_csr_signature (#62790) On python 3, if there is no explicit "return True", the function call will be seen as "False", thus failling the module (cherry picked from commit 75c4e9ec05690f493ce5e14a74231864b9206fe0) --- .../fragments/62790-openssl_certificate_fix_assert.yml | 2 ++ lib/ansible/modules/crypto/openssl_certificate.py | 6 ++---- 2 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/62790-openssl_certificate_fix_assert.yml diff --git a/changelogs/fragments/62790-openssl_certificate_fix_assert.yml b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml new file mode 100644 index 0000000000..fb69210452 --- /dev/null +++ b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml @@ -0,0 +1,2 @@ +bugfixes: +- "openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors." diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py index e06946a862..b46ff58d87 100644 --- a/lib/ansible/modules/crypto/openssl_certificate.py +++ b/lib/ansible/modules/crypto/openssl_certificate.py @@ -1861,12 +1861,10 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase): def _validate_csr_signature(self): if not self.csr.is_signature_valid: return False - if self.csr.public_key().public_numbers() != self.cert.public_key().public_numbers(): - return False + return self.csr.public_key().public_numbers() == self.cert.public_key().public_numbers() def _validate_csr_subject(self): - if self.csr.subject != self.cert.subject: - return False + return self.csr.subject == self.cert.subject def _validate_csr_extensions(self): cert_exts = self.cert.extensions