openssl_csr: improve invalid SAN error messages (#53201)

* Improve invalid SAN error messages.

* Add changelog.

test/integration/targets/openssl_csr/tasks/impl.yml

@@ -158,6 +158,15 @@
     commonName: www.ansible.com
     select_crypto_backend: '{{ select_crypto_backend }}'
 
+- name: Generate CSR with invalid SAN
+  openssl_csr:
+    path: '{{ output_dir }}/csrinvsan.csr'
+    privatekey_path: '{{ output_dir }}/privatekey.pem'
+    subject_alt_name: invalid-san.example.com
+    select_crypto_backend: '{{ select_crypto_backend }}'
+  register: generate_csr_invalid_san
+  ignore_errors: yes
+
 - name: Generate CSR with OCSP Must Staple
   openssl_csr:
     path: '{{ output_dir }}/csr_ocsp.csr'

test/integration/targets/openssl_csr/tests/validate.yml

@@ -54,6 +54,12 @@
       - csr_oldapi_cn.stdout.split('=')[-1] == 'www.ansible.com'
       - csr_oldapi_modulus.stdout == privatekey_modulus.stdout
 
+- name: Validate invalid SAN
+  assert:
+    that:
+      - generate_csr_invalid_san is failed
+      - "'Subject Alternative Name' in generate_csr_invalid_san.msg"
+
 - name: Validate OCSP Must Staple CSR (test - everything)
   shell: "openssl req -noout -in {{ output_dir }}/csr_ocsp.csr -text"
   register: csr_ocsp