9ea1b18ff7
* allow multiple values per key in name fields in openssl_certificate * check correct side of comparison * trigger only on lists * add subject parameter to openssl_csr * fix key: value mapping not skipping None elements * temporary fix for undefined "subject" field * fix iteration over subject entries * fix docs * quote sample string * allow csr with only subject defined * fix integration test * look up NIDs before comparing, add hidden _strict params * deal with empty issuer/subject fields * adapt integration tests * also normalize output from pyopenssl * fix issue with _sanitize_inputs * don't convert empty lists * workaround for pyopenssl limitations * properly encode the input to the txt2nid function * another to_bytes fix * make subject, commonname and subjecAltName completely optional * don't compare hashes of keys in openssl_csr integration tests * add integration test for old API in openssl_csr * compare keys directly in certificate and publickey integration tests * fix typo
101 lines
2.9 KiB
YAML
101 lines
2.9 KiB
YAML
- block:
|
|
- name: Generate privatekey
|
|
openssl_privatekey:
|
|
path: '{{ output_dir }}/privatekey.pem'
|
|
|
|
- name: Generate CSR
|
|
openssl_csr:
|
|
path: '{{ output_dir }}/csr.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
subject:
|
|
commonName: www.example.com
|
|
|
|
- name: Generate selfsigned certificate
|
|
openssl_certificate:
|
|
path: '{{ output_dir }}/cert.pem'
|
|
csr_path: '{{ output_dir }}/csr.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
provider: selfsigned
|
|
selfsigned_digest: sha256
|
|
|
|
- name: Check selfsigned certificate
|
|
openssl_certificate:
|
|
path: '{{ output_dir }}/cert.pem'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
provider: assertonly
|
|
has_expired: False
|
|
version: 3
|
|
signature_algorithms:
|
|
- sha256WithRSAEncryption
|
|
- sha256WithECDSAEncryption
|
|
subject:
|
|
commonName: www.example.com
|
|
|
|
- name: Generate selfsigned v2 certificate
|
|
openssl_certificate:
|
|
path: '{{ output_dir }}/cert_v2.pem'
|
|
csr_path: '{{ output_dir }}/csr.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey.pem'
|
|
provider: selfsigned
|
|
selfsigned_digest: sha256
|
|
selfsigned_version: 2
|
|
|
|
- name: Generate privatekey2
|
|
openssl_privatekey:
|
|
path: '{{ output_dir }}/privatekey2.pem'
|
|
|
|
- name: Generate CSR2
|
|
openssl_csr:
|
|
subject:
|
|
CN: www.example.com
|
|
C: US
|
|
ST: California
|
|
L: Los Angeles
|
|
O: ACME Inc.
|
|
OU:
|
|
- Roadrunner pest control
|
|
- Pyrotechnics
|
|
path: '{{ output_dir }}/csr2.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey2.pem'
|
|
keyUsage:
|
|
- digitalSignature
|
|
extendedKeyUsage:
|
|
- ipsecUser
|
|
- biometricInfo
|
|
|
|
- name: Generate selfsigned certificate2
|
|
openssl_certificate:
|
|
path: '{{ output_dir }}/cert2.pem'
|
|
csr_path: '{{ output_dir }}/csr2.csr'
|
|
privatekey_path: '{{ output_dir }}/privatekey2.pem'
|
|
provider: selfsigned
|
|
selfsigned_digest: sha256
|
|
|
|
- name: Check selfsigned certificate2
|
|
openssl_certificate:
|
|
path: '{{ output_dir }}/cert2.pem'
|
|
privatekey_path: '{{ output_dir }}/privatekey2.pem'
|
|
provider: assertonly
|
|
has_expired: False
|
|
version: 3
|
|
signature_algorithms:
|
|
- sha256WithRSAEncryption
|
|
- sha256WithECDSAEncryption
|
|
subject:
|
|
commonName: www.example.com
|
|
C: US
|
|
ST: California
|
|
L: Los Angeles
|
|
O: ACME Inc.
|
|
OU:
|
|
- Roadrunner pest control
|
|
- Pyrotechnics
|
|
keyUsage:
|
|
- digitalSignature
|
|
extendedKeyUsage:
|
|
- ipsecUser
|
|
- biometricInfo
|
|
|
|
- import_tasks: ../tests/validate.yml
|
|
|
|
when: pyopenssl_version.stdout is version('0.15', '>=')
|