Improve error message when lodaing corrupt private key or private key with wrong passphrase. (#939) (#940)

(cherry picked from commit f219cac94c)
2026-04-27 08:56:47 +00:00 · 2025-07-25 17:08:45 +02:00
parent 71e9d2273a
commit b6887ab1f4
3 changed files with 87 additions and 2 deletions
--- a/plugins/module_utils/crypto/support.py
+++ b/plugins/module_utils/crypto/support.py
@@ -40,6 +40,7 @@ except (ImportError, AttributeError):

 try:
    from cryptography import x509
+    from cryptography.exceptions import UnsupportedAlgorithm
    from cryptography.hazmat.backends import default_backend as cryptography_backend
    from cryptography.hazmat.primitives import hashes, serialization
    from cryptography.hazmat.primitives.serialization import load_pem_private_key
@@ -213,12 +214,16 @@ def load_privatekey(
                None if passphrase is None else to_bytes(passphrase),
                cryptography_backend(),
            )
+        except UnsupportedAlgorithm as exc:
+            raise OpenSSLBadPassphraseError("Unsupported private key type: {exc}".format(exc=exc))
        except TypeError:
            raise OpenSSLBadPassphraseError(
                "Wrong or empty passphrase provided for private key"
            )
-        except ValueError:
-            raise OpenSSLBadPassphraseError("Wrong passphrase provided for private key")
+        except ValueError as exc:
+            raise OpenSSLBadPassphraseError(
+                "Wrong passphrase provided for private key, or private key cannot be parsed: {exc}".format(exc=exc)
+            )

    return result