openssl_certificate, fixed has_expired to check the cert expiration date (#53168)

test/integration/targets/openssl_certificate/tasks/expired.yml

@@ -0,0 +1,39 @@
+---
+- name: Generate privatekey
+  openssl_privatekey:
+    path: '{{ output_dir }}/has_expired_privatekey.pem'
+
+- name: Generate CSR
+  openssl_csr:
+    path: '{{ output_dir }}/has_expired_csr.csr'
+    privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem'
+    subject:
+      commonName: www.example.com
+
+- name: Generate expired selfsigned certificate
+  openssl_certificate:
+    path: '{{ output_dir }}/has_expired_cert.pem'
+    csr_path: '{{ output_dir }}/has_expired_csr.csr'
+    privatekey_path: '{{ output_dir }}/has_expired_privatekey.pem'
+    provider: selfsigned
+    selfsigned_digest: sha256
+    selfsigned_not_after: "-1s"
+
+- name: "Check task fails because cert is expired (has_expired: false)"
+  openssl_certificate:
+    provider: assertonly
+    path: "{{ output_dir }}/has_expired_cert.pem"
+    has_expired: false
+  ignore_errors: true
+  register: expired_cert_check
+
+- name: Ensure previous task failed
+  assert:
+    that: expired_cert_check is failed
+
+- name: "Check expired cert check is ignored (has_expired: true)"
+  openssl_certificate:
+    provider: assertonly
+    path: "{{ output_dir }}/has_expired_cert.pem"
+    has_expired: true
+  register: expired_cert_skip

test/integration/targets/openssl_certificate/tasks/main.yml

@@ -1,6 +1,8 @@
 ---
 - block:
 
+    - import_tasks: expired.yml
+
     - import_tasks: selfsigned.yml
 
     - import_tasks: ownca.yml