openssl_csr*: fix crash for key_usage idempotency check (#935)

* Fix crash for key_usage idempotency check. * Add test.
2026-04-26 00:16:28 +00:00 · 2025-07-17 19:37:46 +02:00
parent e294890a5e
commit 55ae448036
4 changed files with 27 additions and 1 deletions
--- a/plugins/module_utils/_crypto/module_backends/csr.py
+++ b/plugins/module_utils/_crypto/module_backends/csr.py
@@ -546,7 +546,14 @@ class CertificateSigningRequestBackend:
                return False
            params = cryptography_parse_key_usage_params(self.key_usage)
            for param, value in params.items():
-                if getattr(current_keyusage_ext.value, param) != value:
+                try:
+                    # param in ('encipher_only', 'decipher_only') can result in ValueError()
+                    # being raised if key_agreement == False.
+                    current_value = getattr(current_keyusage_ext.value, param)
+                except ValueError:
+                    # In that case, assume that the value is False.
+                    current_value = False
+                if current_value != value:
                    return False
            return current_keyusage_ext.critical == self.key_usage_critical