* Do extra docs validation. Explicitly disallow semantic markup in docs.
* Forgot to add new requirement.
* Improve test.
* TEMP - make CI fail.
* Revert "TEMP - make CI fail."
This reverts commit a71b8901c1.
* Remove unnecessary import.
* Make sure ANSIBLE_COLLECTIONS_PATH is set.
* Make sure sanity tests from older Ansible versions don't complain.
(cherry picked from commit ceabef7e58)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Work around stupid ssh-agent output format.
* Workaround for Ansible 2.9.
* Old jinja2...
* Jinja2 on CentOS 6 is really annoying.
(cherry picked from commit e4ebca0945)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix empty check for openssl_pkcs12 tests.
* Prevent crash if PyOpenSSL cannot be imported because of an AttributeError.
* Add changelog fragment.
* Fix constraints file.
* Use Python 2.7 instead of 3.5 for 2.9 cloud tests (pip module is broken).
* Prevent upgrading cryptography on ansible-core 2.12's default container with Python 3.9.
* Regenerate certificate on CA's subject change. (#402)
(cherry picked from commit 3ebc132c03)
* Add fix for PyOpenSSL backend.
* x509_certificate: check existing certificate's signature for selfsigned and ownca provider (#407)
* Verify whether signature matches.
* Add changelog fragment.
* Forgot imports.
* Fix wrong name.
* Check whether the CA private key fits to the CA certificate. Use correct key in tests.
* Refactor code.
(cherry picked from commit 28729657ac)
* There doesn't seem to be a way to do this with pyOpenSSL.
* Allow multiple intermediate CAs to have same subject.
* Add tests.
* Fix test name.
* Don't use CN for SAN.
* Make a bit more compatible.
* Include jinja2 compat for CentOS 6.
(cherry picked from commit 11a14543c8)
Co-authored-by: Felix Fontein <felix@fontein.de>
* PyOpenSSL 22.0.0 no longer supports Python 2.7. (#387)
(cherry picked from commit 5abfe8fca9)
* Do not install PyOpenSSL from PyPi if cryptography cannot be updated - at least on FreeBSD 13.0, latest PyOpenSSL requires a cryptography upgrade, which breaks CI.
* Revert "Do not install PyOpenSSL from PyPi if cryptography cannot be updated - at least on FreeBSD 13.0, latest PyOpenSSL requires a cryptography upgrade, which breaks CI."
This reverts commit 16f9145653.
* Try another approach.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update CI matrix for Remote Devel.
* Add Python info entries.
(cherry picked from commit cd5ed011a5)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Avoid infinite loops, and double roots when root certificate was already part of chain.
* Refactor tests for readability.
(cherry picked from commit 6ee238d961)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use modules from internal_test_tools instead of stat workaround to check whether file actually changed.
* Properly add testing dependency.
(cherry picked from commit 471506c5d4)
Co-authored-by: Felix Fontein <felix@fontein.de>
* Name test tasks in a more explicit manner
* Space test + verification blocks apart
* Apply suggestions from code review
Co-authored-by: Jens Heinrich <github.com/JensHeinrich>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 2c05221d89)
Co-authored-by: Jens Heinrich <59469646+JensHeinrich@users.noreply.github.com>
* Extension parsing: add new fallback code which uses the new cryptography API (#331)
* Add new code as fallback which re-serializes de-serialized extensions using the new cryptography API.
* Forgot Base64 encoding.
* Add extension by OID tests.
* There's one value which is different with the new code.
* Differences in CI.
* Working around older Jinjas.
* Value depends on which SAN was included.
* Force complete CI run now since cryptography 36.0.0 is out.
ci_complete
(cherry picked from commit 3f40795a98)
* Adjust tests.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Improve Python 2 Unicode handling. (#313)
(cherry picked from commit eb8dabce84)
* Remove test since it doesn't work with pyOpenSSL.
* Completely remove test.
* Update plugins/module_utils/crypto/cryptography_support.py
* Run all tests on all targets. Remove hack in setup_acme.
* Fix some failing tests.
* OpenSSH tests do not work yet with default image on Ansible 2.9. Let's skip them on the cloud target.
* Make tests pass again.
* Make sure to install *latest* versions of cryptography and pyOpenSSL when not installing system packages, whenever possible.
ci_complete
* Update/fix aliases files.
* Install PyOpenSSL and cryptography from PyPi if target Python != system Python.
* Work around some CentOS6, 7, Ubuntu 16.04 problems. Improve jinja2 compatibility handling.
* Skip tasks that require properties that aren't always there.
* Only install OpenSSL when not present.
* Improve output.
* Improve get_certificate integration test graceful failing.
* Fix tests.
* Fix assert.
* OpenSSL peculiarities.
* Fix condition.
* Initial commit
* Matching tests to overwritten permissions behavior with cryptography
* Ensuring key validation only occurs when state=present and accommodating CentOS6 restrictions
* Making ssh-keygen behavior explicit by version in tests
* Ensuring cryptography not excluded in new conditions
* Adding changelog fragment
* Fixing sanity checks
* Improving readability
* Applying review suggestions
* addressing restore_on_failure conflict
* Initial commit
* Fixed CRLF and ed25519 handling on CentOS6
* Separated expected test results for file permissions between backends
* Fixed unprotected key base directory
* Fixed PEM encoded file test
* Initial commit
* Fixing unit tests
* More unit fixes
* Adding changelog fragment
* Minor refactor in Certificate.generate()
* Addressing option case-sensitivity and directive overrides
* Renaming idempotency to regenerate
* updating changelog
* Minor refactoring of default options
* Cleaning up with inline functions
* Fixing false failures when regenerate=fail and improving clarity
* Applying second round of review suggestions
* adding helper for safe atomic moves
* Initial commit
* Fixing units
* Adding changelog fragment
* Enhanced encapsulation of certificate data
* Avoiding failure when path is not parseable
* Diff refactor
* Applying initial review suggestions
* Initial commit
* Adding informational comments
* Adding changelog fragment
* Fixing CRLF changelog fragment
* Refactoring public number parsing and added chaining for writer methods
* Adding more descriptive error for invalid certificate data
* Fixing signature data parsing
* Correcting ed25519 signature type to binary
* Applying initial review suggestions and fixing option-list writer
* Applying review suggestions
* Making OpensshWriter private