openssl_*: improve passphrase handling for private keys in PyOpenSSL (#53489)

* Raise OpenSSLBadPassphraseError if passphrase is wrong.

* Improve handling of passphrase errors.

Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is wrong (or wrongly specified), regenerate.

* Add changelog.

* Add tests.

* Adjustments for some versions of PyOpenSSL.

* Update lib/ansible/modules/crypto/openssl_certificate.py

Improve text.

Co-Authored-By: felixfontein <felix@fontein.de>
Felix Fontein
2019-03-08 17:21:18 +01:00
committed by John R Barker
parent 1d91e03119
commit caf7fd2245
20 changed files with 427 additions and 36 deletions


@@ -0,0 +1,6 @@
bugfixes:
- "openssl_privatekey - no longer hang or crash when passphrase does not match or was
not specified, but key is protected with one. Also regenerate key if passphrase is
specified but existing key has no passphrase."
- "openssl_csr, openssl_certificate, openssl_publickey - properly validate private key
passphrase; if it doesn't match, fail (and not crash or ignore)."
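
Review bot: the first bugfixes entry (openssl_privatekey) says the module will "no longer hang or crash" when the passphrase does not match or is missing, but it never says what the module does instead. The commit message states that openssl_privatekey regenerates the key when the passphrase is wrong or wrongly specified, and regenerating replaces the existing private key, so the entry should name that outcome explicitly, for example "regenerate the key instead of hanging or crashing when passphrase does not match ...". The second entry already states its outcome (fail) and is a good model for the wording.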