openssl_pkcs12: fix crash when trying to get non-existing other certificates (#487)

* Fix crash when trying to get non-existing other certificates. * Add test.
2026-05-06 05:12:54 +00:00 · 2022-07-07 22:30:22 +02:00
parent b16f12faa3
commit 9ed4526fee
4 changed files with 17 additions and 0 deletions
--- a/changelogs/fragments/487-openssl_pkcs12-other-certs-crash.yml
+++ b/changelogs/fragments/487-openssl_pkcs12-other-certs-crash.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "openssl_pkcs12 - when using the pyOpenSSL backend, do not crash when trying to read non-existing other certificates (https://github.com/ansible-collections/community.crypto/issues/486, https://github.com/ansible-collections/community.crypto/pull/487)."
--- a/plugins/modules/openssl_pkcs12.py
+++ b/plugins/modules/openssl_pkcs12.py
@@ -559,6 +559,8 @@ class PkcsPyOpenSSL(Pkcs):
        return crypto.dump_certificate(crypto.FILETYPE_PEM, cert) if cert else None

    def _dump_other_certificates(self, pkcs12):
+        if pkcs12.get_ca_certificates() is None:
+            return []
        return [
            crypto.dump_certificate(crypto.FILETYPE_PEM, other_cert)
            for other_cert in pkcs12.get_ca_certificates()
--- a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
+++ b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
@@ -45,6 +45,18 @@
      return_content: true
    register: p12_standard_idempotency

+  - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (empty other_certificates)"
+    openssl_pkcs12:
+      select_crypto_backend: '{{ select_crypto_backend }}'
+      path: '{{ remote_tmp_dir }}/ansible.p12'
+      friendly_name: abracadabra
+      privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+      certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
+      state: present
+      return_content: true
+      other_certificates: []
+    register: p12_standard_idempotency_no_certs
+
  - name: "({{ select_crypto_backend }}) Read ansible_pkey1.pem"
    slurp:
      src: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
--- a/tests/integration/targets/openssl_pkcs12/tests/validate.yml
+++ b/tests/integration/targets/openssl_pkcs12/tests/validate.yml
@@ -25,6 +25,7 @@
      - p12_dumped is changed
      - p12_standard_idempotency is not changed
      - p12_standard_idempotency_check is not changed
+      - p12_standard_idempotency_no_certs is not changed
      - p12_standard_idempotency_2 is not changed
      - p12_multiple_certs_idempotency is not changed
      - p12_dumped_idempotency is not changed