Add warning for ASN.1 encoded extension values returned by some modules (#318)

* Add warning that ASN.1 encoded extension values returned by some modules might not reflect the exact byte sequence in the source file anymore depending on the cryptography version. * Apply suggestions from code review Co-authored-by: Ajpantuso <ajpantuso@gmail.com> Co-authored-by: Ajpantuso <ajpantuso@gmail.com>
2026-05-08 14:22:56 +00:00 · 2021-10-31 14:34:33 +01:00
parent 4ab2ed8b77
commit ecbd44df22
4 changed files with 27 additions and 3 deletions
--- a/changelogs/fragments/318-extension-value-note.yml
+++ b/changelogs/fragments/318-extension-value-note.yml
@@ -0,0 +1,6 @@
 breaking_changes:
  - "get_certificate, openssl_csr_info, x509_certificate_info - depending on the ``cryptography`` version used,
     the modules might not return the ASN.1 value for an extension as contained in the certificate respectively CSR,
     but a re-encoded version of it. This should usually be identical to the value contained in the source file,
     unless the value was malformed. For extensions not handled by C(cryptography) the value contained in
     the source file is always returned unaltered (https://github.com/ansible-collections/community.crypto/pull/318)."
--- a/plugins/modules/get_certificate.py
+++ b/plugins/modules/get_certificate.py
@@ -99,7 +99,13 @@ extensions:
        asn1_data:
            returned: success
            type: str
-            description: The Base64 encoded ASN.1 content of the extnesion.
+            description:
              - The Base64 encoded ASN.1 content of the extension.
              - B(Note) that depending on the C(cryptography) version used, it is
                not possible to extract the ASN.1 content of the extension, but only
                to provide the re-encoded content of the extension in case it was
                parsed by C(cryptography). This should usually result in exactly the
                same value, except if the original extension value was malformed.
        name:
            returned: success
            type: str
--- a/plugins/modules/openssl_csr_info.py
+++ b/plugins/modules/openssl_csr_info.py
@@ -103,7 +103,13 @@ extensions_by_oid:
            returned: success
            type: bool
        value:
-            description: The Base64 encoded value (in DER format) of the extension
+            description:
              - The Base64 encoded value (in DER format) of the extension.
              - B(Note) that depending on the C(cryptography) version used, it is
                not possible to extract the ASN.1 content of the extension, but only
                to provide the re-encoded content of the extension in case it was
                parsed by C(cryptography). This should usually result in exactly the
                same value, except if the original extension value was malformed.
            returned: success
            type: str
            sample: "MAMCAQU="
--- a/plugins/modules/x509_certificate_info.py
+++ b/plugins/modules/x509_certificate_info.py
@@ -147,7 +147,13 @@ extensions_by_oid:
            returned: success
            type: bool
        value:
-            description: The Base64 encoded value (in DER format) of the extension.
+            description:
              - The Base64 encoded value (in DER format) of the extension.
              - B(Note) that depending on the C(cryptography) version used, it is
                not possible to extract the ASN.1 content of the extension, but only
                to provide the re-encoded content of the extension in case it was
                parsed by C(cryptography). This should usually result in exactly the
                same value, except if the original extension value was malformed.
            returned: success
            type: str
            sample: "MAMCAQU="