CI: Add Fedora 41, Alpine 3.21, RHEL 9.5, FreeBSD 14.2 to CI for devel (#834)

* Add Fedora 41, Alpine 3.21, RHEL 9.5, FreeBSD 14.2 to CI for devel. * Fedora 41 also doesn't allow SHA-1 apparently. Ref: https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer * Work around broken cryptography in Fedora 41.
2026-04-26 00:16:28 +00:00 · 2025-01-08 22:08:18 +01:00
parent cfd524f345
commit 029e009db1
4 changed files with 41 additions and 15 deletions
--- a/plugins/modules/crypto_info.py
+++ b/plugins/modules/crypto_info.py
@@ -177,8 +177,16 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.basic impo
 try:
    import cryptography
    from cryptography.exceptions import UnsupportedAlgorithm
+
+    try:
+        # While UnsupportedAlgorithm got added in cryptography 0.1, InternalError
+        # only got added in 0.2, so let's guard the import
+        from cryptography.exceptions import InternalError as CryptographyInternalError
+    except ImportError:
+        CryptographyInternalError = Exception
 except ImportError:
    UnsupportedAlgorithm = Exception
+    CryptographyInternalError = Exception
    CRYPTOGRAPHY_VERSION = None
    CRYPTOGRAPHY_IMP_ERR = traceback.format_exc()
 else:
@@ -274,6 +282,11 @@ def add_crypto_information(module):
                    curves.append(curve_name)
                except UnsupportedAlgorithm:
                    pass
+                except CryptographyInternalError:  # pylint: disable=duplicate-except,bad-except-order
+                    # On Fedora 41, some curves result in InternalError. This is probably because
+                    # Fedora's cryptography is linked against the system libssl, which has the
+                    # curves removed.
+                    pass

    info = {
        'version': CRYPTOGRAPHY_VERSION,