mirror of
https://github.com/ansible-collections/community.crypto.git
synced 2026-05-06 13:22:58 +00:00
* Do not crash when signing with Ed25519 or Ed448.
* Forgot replace.
(cherry picked from commit 297b44f24b)
This commit is contained in:
Felix Fontein
GitHub
@@ -392,6 +392,7 @@ from ansible_collections.community.crypto.plugins.module_utils.crypto.support im
|
||||
|
||||
from ansible_collections.community.crypto.plugins.module_utils.crypto.cryptography_support import (
|
||||
cryptography_get_name,
|
||||
cryptography_key_needs_digest_for_signing,
|
||||
cryptography_name_to_oid,
|
||||
cryptography_oid_to_name,
|
||||
cryptography_serial_number_of_cert,
|
||||
@@ -612,8 +613,12 @@ class CRL(OpenSSLObject):
|
||||
return False
|
||||
if self.next_update != self.crl.next_update and not self.ignore_timestamps:
|
||||
return False
|
||||
if self.digest.name != self.crl.signature_hash_algorithm.name:
|
||||
return False
|
||||
if cryptography_key_needs_digest_for_signing(self.privatekey):
|
||||
if self.crl.signature_hash_algorithm is None or self.digest.name != self.crl.signature_hash_algorithm.name:
|
||||
return False
|
||||
else:
|
||||
if self.crl.signature_hash_algorithm is not None:
|
||||
return False
|
||||
|
||||
want_issuer = [(cryptography_name_to_oid(entry[0]), entry[1]) for entry in self.issuer]
|
||||
if want_issuer != [(sub.oid, sub.value) for sub in self.crl.issuer]:
|
||||
@@ -679,7 +684,10 @@ class CRL(OpenSSLObject):
|
||||
)
|
||||
crl = crl.add_revoked_certificate(revoked_cert.build(backend))
|
||||
|
||||
self.crl = crl.sign(self.privatekey, self.digest, backend=backend)
|
||||
digest = None
|
||||
if cryptography_key_needs_digest_for_signing(self.privatekey):
|
||||
digest = self.digest
|
||||
self.crl = crl.sign(self.privatekey, digest, backend=backend)
|
||||
if self.format == 'pem':
|
||||
return self.crl.public_bytes(Encoding.PEM)
|
||||
else:
|
||||
|
||||
Reference in New Issue
Block a user