CSR: avoid access of private attributes (#910)

* Avoid access of private attributes. * Add changelog.
2026-03-26 21:33:25 +00:00 · 2025-05-30 22:46:39 +02:00
parent 8792635bef
commit 31933955e3
2 changed files with 3 additions and 2 deletions
--- a/changelogs/fragments/910-csr.yml
+++ b/changelogs/fragments/910-csr.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "openssl_csr, openssl_csr_pipe - avoid accessing internal members of cryptography's ``KeyUsage`` extension object (https://github.com/ansible-collections/community.crypto/pull/910)."
--- a/plugins/module_utils/_crypto/module_backends/csr.py
+++ b/plugins/module_utils/_crypto/module_backends/csr.py
@@ -600,8 +600,7 @@ class CertificateSigningRequestCryptographyBackend(CertificateSigningRequestBack
                return False
            params = cryptography_parse_key_usage_params(self.keyUsage)
            for param, value in params.items():
-                # TODO: check whether getattr() with '_' prepended is really needed
-                if getattr(current_keyusage_ext.value, "_" + param) != value:
+                if getattr(current_keyusage_ext.value, param) != value:
                    return False
            return current_keyusage_ext.critical == self.keyUsage_critical