* Create script to reproduce certs.
* Recreate the certificates and update the tests.
* Anonymize certificates.
* Make mostly reproducable by storing the private keys.
I've tried to hide the private keys so that 'security checkers' won't find them
and won't complain. Let's see whether that works...
* Make openssh_cert second algorithm tests compatible with Rocky
* Fix typo
* Merge conditions
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* openssl_pkcs12: Add support for `certificate_content` and `other_certificates_content`
Co-authored-by: Felix Fontein <felix@fontein.de>
* Added minimal tests.
The tests are minimal because internally it always ends up with the
_content variants, so even when supplying a file most of the internal
code paths then use the content.
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* luks_device: allow passphrases to contain newlines
This is useful when passing binary keyfiles from an ansible vault, as
it removes the restriction that the binary data cannot contain newlines.
The only exception is adding a new key to an existing container, as in
that case the two passphrases are separated by a new line.
* add integration tests and a changelog fragment
* attempt to also make luks_add_key work with passphrases containing
newlines
* use a deterministic method to generate keyfile 3, improve changelog
formatting
* add licence and copyright to keyfile3.txt to satisfy CI
* Provide error information.
* Add helper function for order creation retrying.
* Improve existing documentation.
* Document 'replaces' return value.
* Add order_creation_error_strategy and order_creation_max_retries options.
* Add changelog fragment.
* Fix authz deactivation for finalizing step.
* Fix profile handling on order creation.
* Improve existing tests.
* Add ARI and profile tests.
* Warn when 'replaces' is removed when retrying to create an order.
* Fix error reporting for OpenSSL backend: raise BackendExceptions instead of directly failing the module.
* Add treat_parsing_error_as_non_existing option and existing and parsable return values.
* Restrict remaining days to also work with short-lived profiles.
* Adjust boolean cases.
* Fix spelling error.
* Use larger key size for TLS-ALPN test certificate.
