Fix crash in x509_crl when certificate issuer is specified (#441)

* Fix x509_crl certificate issuer issue. * Add tests. * Add changelog fragment.
ansible-collections · Apr 18, 2022 · 9d03178 · 9d03178
1 parent 041fff5
commit 9d03178
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 3 deletions.
diff --git a/changelogs/fragments/441-x509-crl-cert-issuer.yml b/changelogs/fragments/441-x509-crl-cert-issuer.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "x509_crl - fix crash when ``issuer`` for a revoked certificate is specified (https://github.com/ansible-collections/community.crypto/pull/441)."
diff --git a/plugins/modules/x509_crl.py b/plugins/modules/x509_crl.py
@@ -689,9 +689,7 @@ def _generate_crl(self):
             revoked_cert = revoked_cert.revocation_date(entry['revocation_date'])
             if entry['issuer'] is not None:
                 revoked_cert = revoked_cert.add_extension(
-                    x509.CertificateIssuer([
-                        cryptography_get_name(name, 'issuer') for name in entry['issuer']
-                    ]),
+                    x509.CertificateIssuer(entry['issuer']),
                     entry['issuer_critical']
                 )
             if entry['reason'] is not None:

diff --git a/tests/integration/targets/x509_crl/tasks/impl.yml b/tests/integration/targets/x509_crl/tasks/impl.yml
@@ -524,3 +524,25 @@
     path: '{{ remote_tmp_dir }}/ca-crl2.crl'
     list_revoked_certificates: false
   register: crl_2_info_2
+
+- name: Create CRL 3
+  x509_crl:
+    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
+    privatekey_path: '{{ remote_tmp_dir }}/ca.key'
+    issuer:
+      CN: Ansible
+    last_update: +0d
+    next_update: +0d
+    revoked_certificates:
+      - serial_number: 1234
+        revocation_date: 20191001000000Z
+        issuer:
+          - "DNS:ca.example.org"
+        issuer_critical: true
+  register: crl_3
+
+- name: Retrieve CRL 3 infos
+  x509_crl_info:
+    path: '{{ remote_tmp_dir }}/ca-crl3.crl'
+    list_revoked_certificates: true
+  register: crl_3_info
diff --git a/tests/integration/targets/x509_crl/tests/validate.yml b/tests/integration/targets/x509_crl/tests/validate.yml
@@ -102,3 +102,11 @@
           ['commonName', 'CRL'],
           ['commonName', 'Test'],
         ]
+
+- name: Validate CRL 3 info
+  assert:
+    that:
+      - crl_3.revoked_certificates == crl_3_info.revoked_certificates
+      - crl_3.revoked_certificates[0].issuer == [
+          "DNS:ca.example.org",
+        ]
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- "x509_crl - fix crash when ``issuer`` for a revoked certificate is specified (https://github.com/ansible-collections/community.crypto/pull/441)."