openssl_csr*: fix crash for key_usage idempotency check (#935)

* Fix crash for key_usage idempotency check. * Add test.
2026-03-26 21:33:25 +00:00 · 2025-07-17 19:37:46 +02:00
parent e294890a5e
commit 55ae448036
4 changed files with 27 additions and 1 deletions
--- a/tests/integration/targets/openssl_csr/tasks/impl.yml
+++ b/tests/integration/targets/openssl_csr/tasks/impl.yml
@@ -165,6 +165,21 @@
    select_crypto_backend: '{{ select_crypto_backend }}'
  register: csr_ku_xku_change_2

+- name: "({{ select_crypto_backend }}) Generate CSR with KU and XKU (idempotency 2)"
+  community.crypto.openssl_csr:
+    path: '{{ remote_tmp_dir }}/csr_ku_xku.csr'
+    privatekey_path: '{{ remote_tmp_dir }}/privatekey.pem'
+    subject:
+      commonName: 'www.ansible.com'
+    keyUsage:
+      - digitalSignature
+    extendedKeyUsage:
+      - ipsecUser
+      - qcStatements
+      - Biometric Info
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: csr_ku_xku_change_2_idempotency
+
 - name: "({{ select_crypto_backend }}) Generate CSR with old API"
  community.crypto.openssl_csr:
    path: '{{ remote_tmp_dir }}/csr_oldapi.csr'
--- a/tests/integration/targets/openssl_csr/tests/validate.yml
+++ b/tests/integration/targets/openssl_csr/tests/validate.yml
@@ -56,6 +56,7 @@
      - csr_ku_xku is not changed
      - csr_ku_xku_change is changed
      - csr_ku_xku_change_2 is changed
+      - csr_ku_xku_change_2_idempotency is not changed

 - name: "({{ select_crypto_backend }}) Validate old_API CSR (test - Common Name)"
  ansible.builtin.command: "{{ openssl_binary }} req -noout -subject -in {{ remote_tmp_dir }}/csr_oldapi.csr -nameopt oneline,-space_eq"