From 598cdf0a21df8b638eddf7a79a350f4dd70ff1e9 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Wed, 15 Sep 2021 20:42:52 +0200
Subject: [PATCH] Older openssl versions (1.0.1/1.0.2) do not seem to support
 '-' for /dev/stdin. (#279)

---
 changelogs/fragments/279-acme-openssl.yml        | 2 ++
 plugins/module_utils/acme/backend_openssl_cli.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/279-acme-openssl.yml

diff --git a/changelogs/fragments/279-acme-openssl.yml b/changelogs/fragments/279-acme-openssl.yml
new file mode 100644
index 00000000..290c095e
--- /dev/null
+++ b/changelogs/fragments/279-acme-openssl.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "acme_* modules - fix commands composed for OpenSSL backend to retrieve information on CSRs and certificates from stdin to use ``/dev/stdin`` instead of ``-``. This is needed for OpenSSL 1.0.1 and 1.0.2, apparently (https://github.com/ansible-collections/community.crypto/pull/279)."
diff --git a/plugins/module_utils/acme/backend_openssl_cli.py b/plugins/module_utils/acme/backend_openssl_cli.py
index 0c57bbc9..c40b39d7 100644
--- a/plugins/module_utils/acme/backend_openssl_cli.py
+++ b/plugins/module_utils/acme/backend_openssl_cli.py
@@ -230,7 +230,7 @@ class OpenSSLCLIBackend(CryptoBackend):
         filename = csr_filename
         data = None
         if csr_content is not None:
-            filename = '-'
+            filename = '/dev/stdin'
             data = csr_content.encode('utf-8')
 
         openssl_csr_cmd = [self.openssl_binary, "req", "-in", filename, "-noout", "-text"]
@@ -267,7 +267,7 @@ class OpenSSLCLIBackend(CryptoBackend):
         filename = cert_filename
         data = None
         if cert_content is not None:
-            filename = '-'
+            filename = '/dev/stdin'
             data = cert_content.encode('utf-8')
             cert_filename_suffix = ''
         elif cert_filename is not None: