internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-05-06 21:33:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Release 2.3.0.

Browse Source
This commit is contained in:
Felix Fontein
2022-05-09 20:53:39 +02:00
parent 4cf951596f
commit 5641e2ac9b
10 changed files with 81 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
changelogs/changelog.yaml
View File

@@ -811,3 +811,56 @@ releases:
- 2.2.4.yml
- 417-openssh_modules-fix-exception-reporting.yml
release_date: '2022-03-22'
2.3.0:
changes:
bugfixes:
- Make collection more robust when PyOpenSSL is used with an incompatible cryptography
version (https://github.com/ansible-collections/community.crypto/pull/445).
- x509_crl - fix crash when ``issuer`` for a revoked certificate is specified
(https://github.com/ansible-collections/community.crypto/pull/441).
minor_changes:
- Prepare collection for inclusion in an Execution Environment by declaring
its dependencies. Please note that system packages are used for cryptography
and PyOpenSSL, which can be rather limited. If you need features from newer
cryptography versions, you will have to manually force a newer version to
be installed by pip by specifying something like ``cryptography >= 37.0.0``
in your Execution Environment's Python dependencies file (https://github.com/ansible-collections/community.crypto/pull/440).
- Support automatic conversion for Internalionalized Domain Names (IDNs). When
passing general names, for example Subject Altenative Names to ``community.crypto.openssl_csr``,
these will automatically be converted to IDNA. Conversion will be done per
label to IDNA2008 if possible, and IDNA2003 if IDNA2008 conversion fails for
that label. Note that IDNA conversion requires `the Python idna library <https://pypi.org/project/idna/>`_
to be installed. Please note that depending on which versions of the cryptography
library are used, it could try to process the converted IDNA another time
with the Python ``idna`` library and reject IDNA2003 encoded values. Using
a new enough ``cryptography`` version avoids this (https://github.com/ansible-collections/community.crypto/issues/426,
https://github.com/ansible-collections/community.crypto/pull/436).
- acme_* modules - add parameter ``request_timeout`` to manage HTTP(S) request
timeout (https://github.com/ansible-collections/community.crypto/issues/447,
https://github.com/ansible-collections/community.crypto/pull/448).
- luks_devices - added ``perf_same_cpu_crypt``, ``perf_submit_from_crypt_cpus``,
``perf_no_read_workqueue``, ``perf_no_write_workqueue`` for performance tuning
when opening LUKS2 containers (https://github.com/ansible-collections/community.crypto/issues/427).
- luks_devices - added ``persistent`` option when opening LUKS2 containers (https://github.com/ansible-collections/community.crypto/pull/434).
- openssl_csr_info - add ``name_encoding`` option to control the encoding (IDNA,
Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436).
- openssl_pkcs12 - allow to provide the private key as text instead of having
to read it from a file. This allows to store the private key in an encrypted
form, for example in Ansible Vault (https://github.com/ansible-collections/community.crypto/pull/452).
- x509_certificate_info - add ``name_encoding`` option to control the encoding
(IDNA, Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436).
- x509_crl - add ``name_encoding`` option to control the encoding (IDNA, Unicode)
used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436).
- x509_crl_info - add ``name_encoding`` option to control the encoding (IDNA,
Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436).
release_summary: Feature and bugfix release.
fragments:
- 2.3.0.yml
- 434-add-persistent-and-perf-options.yml
- 436-idns.yml
- 440-ee.yml
- 441-x509-crl-cert-issuer.yml
- 445-fix.yml
- 448-acme-request-timeouts.yml
- 452-openssl_pkcs12-private-key-content.yml
release_date: '2022-05-09'

1
changelogs/fragments/2.3.0.yml
View File

@@ -1 +0,0 @@
release_summary: Feature and bugfix release.

4
changelogs/fragments/434-add-persistent-and-perf-options.yml
View File

@@ -1,4 +0,0 @@
---
minor_changes:
- luks_devices - added ``persistent`` option when opening LUKS2 containers (https://github.com/ansible-collections/community.crypto/pull/434).
- luks_devices - added ``perf_same_cpu_crypt``, ``perf_submit_from_crypt_cpus``, ``perf_no_read_workqueue``, ``perf_no_write_workqueue`` for performance tuning when opening LUKS2 containers (https://github.com/ansible-collections/community.crypto/issues/427).

12
changelogs/fragments/436-idns.yml
View File

@@ -1,12 +0,0 @@
minor_changes:
- "Support automatic conversion for Internalionalized Domain Names (IDNs).
When passing general names, for example Subject Altenative Names to ``community.crypto.openssl_csr``, these will automatically be converted to IDNA.
Conversion will be done per label to IDNA2008 if possible, and IDNA2003 if IDNA2008 conversion fails for that label.
Note that IDNA conversion requires `the Python idna library <https://pypi.org/project/idna/>`_ to be installed.
Please note that depending on which versions of the cryptography library are used, it could try to process the converted IDNA
another time with the Python ``idna`` library and reject IDNA2003 encoded values. Using a new enough ``cryptography`` version avoids this
(https://github.com/ansible-collections/community.crypto/issues/426, https://github.com/ansible-collections/community.crypto/pull/436)."
- "openssl_csr_info - add ``name_encoding`` option to control the encoding (IDNA, Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436)."
- "x509_certificate_info - add ``name_encoding`` option to control the encoding (IDNA, Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436)."
- "x509_crl - add ``name_encoding`` option to control the encoding (IDNA, Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436)."
- "x509_crl_info - add ``name_encoding`` option to control the encoding (IDNA, Unicode) used to return domain names in general names (https://github.com/ansible-collections/community.crypto/pull/436)."

7
changelogs/fragments/440-ee.yml
View File

@@ -1,7 +0,0 @@
minor_changes:
- "Prepare collection for inclusion in an Execution Environment by declaring its dependencies.
Please note that system packages are used for cryptography and PyOpenSSL, which can be
rather limited. If you need features from newer cryptography versions, you will have to
manually force a newer version to be installed by pip by specifying something like
``cryptography >= 37.0.0`` in your Execution Environment's Python dependencies file
(https://github.com/ansible-collections/community.crypto/pull/440)."

2
changelogs/fragments/441-x509-crl-cert-issuer.yml
View File

@@ -1,2 +0,0 @@
bugfixes:
- "x509_crl - fix crash when ``issuer`` for a revoked certificate is specified (https://github.com/ansible-collections/community.crypto/pull/441)."

2
changelogs/fragments/445-fix.yml
View File

@@ -1,2 +0,0 @@
bugfixes:
- "Make collection more robust when PyOpenSSL is used with an incompatible cryptography version (https://github.com/ansible-collections/community.crypto/pull/445)."

3
changelogs/fragments/448-acme-request-timeouts.yml
View File

@@ -1,3 +0,0 @@
---
minor_changes:
- acme_* modules - add parameter ``request_timeout`` to manage HTTP(S) request timeout (https://github.com/ansible-collections/community.crypto/issues/447, https://github.com/ansible-collections/community.crypto/pull/448).

4
changelogs/fragments/452-openssl_pkcs12-private-key-content.yml
View File

@@ -1,4 +0,0 @@
minor_changes:
- "openssl_pkcs12 - allow to provide the private key as text instead of having to read it from a file.
This allows to store the private key in an encrypted form, for example in Ansible Vault
(https://github.com/ansible-collections/community.crypto/pull/452)."