openssl_csr: allow to specify CRL distribution endpoints (#167)

* Improve error messages for name decoding (not all names appear in SANs).

* Refactor DN parsing, add relative DN parsing code.

* Allow to specify CRL distribution points.

* Add changelog fragment.

* Fix typo.

* Make sure value argument to x509.NameAttribute is a text.

* Update changelogs/fragments/167-openssl_csr-crl-distribution-points.yml

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

* Add example.

Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>

plugins/modules/openssl_csr.py

@@ -142,6 +142,21 @@ EXAMPLES = r'''
     extended_key_usage:
     - clientAuth
     subject_alt_name: otherName:1.3.6.1.4.1.311.20.2.3;UTF8:username@localhost
+
+- name: Generate an OpenSSL Certificate Signing Request with a CRL distribution point
+  community.crypto.openssl_csr:
+    path: /etc/ssl/csr/www.ansible.com.csr
+    privatekey_path: /etc/ssl/private/ansible.com.pem
+    common_name: www.ansible.com
+    crl_distribution_points:
+      - full_name:
+          - "URI:https://ca.example.com/revocations.crl"
+        crl_issuer:
+          - "URI:https://ca.example.com/"
+        reasons:
+          - key_compromise
+          - ca_compromise
+          - cessation_of_operation
 '''
 
 RETURN = r'''