Fix crash in x509_crl when certificate issuer is specified #441

Merged
merged 3 commits into from
Apr 18, 2022

felixfontein
Contributor

SUMMARY

Found this while working on #436.

ISSUE TYPE
  • Bugfix Pull Request
COMPONENT NAME

x509_crl

@@ -689,9 +689,7 @@ def _generate_crl(self):
revoked_cert = revoked_cert.revocation_date(entry['revocation_date'])
if entry['issuer'] is not None:
revoked_cert = revoked_cert.add_extension(
x509.CertificateIssuer([
cryptography_get_name(name, 'issuer') for name in entry['issuer']
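Review bot: at the `x509.CertificateIssuer(...)` call under `if entry['issuer'] is not None:`, nothing in the code records that `entry['issuer']` has already been converted by the time `_generate_crl` runs, which is what the author's comment on this hunk states. Add a one-line comment at that call pointing to where the conversion happens, so a later edit does not wrap the value in `cryptography_get_name(name, 'issuer')` a second time.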
Contributor Author

entry['issuer'] is already transformed in line 530.

Comment on lines +110 to +112
- crl_3.revoked_certificates[0].issuer == [
"DNS:ca.example.org",
]
Contributor

I was surprised that this plain scalar worked multi-line without > or >- or something... I did find at least one yaml parser online that didn't like it: https://codebeautify.org/yaml-validator/y22bd59f9

But it appears that validator is wrong; and it clearly works in Ansible regardless, but you may want to change it if only for consistency with the other asserts in the file.

Or not 🤷

Contributor Author

According to the YAML definition this should be fine: https://yaml.org/spec/1.2.2/#plain-style
I'd probably rather remove the > from the other blocks in this file (but not in this PR) :)

@felixfontein felixfontein merged commit 9d03178 into ansible-collections:main Apr 18, 2022
@felixfontein
Contributor Author

@briantist thanks for reviewing this!

@patchback

patchback bot commented Apr 18, 2022

Backport to stable-1: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply 9d03178 on top of patchback/backports/stable-1/9d03178b003ac3145f0af0c18c21ffca4992305c/pr-441

Backporting merged PR #441 into main

  1. Ensure you have a local repo clone of your fork. Unless you cloned it
    from the upstream, this would be your origin remote.
  2. Make sure you have an upstream repo added as a remote too. In these
    instructions you'll refer to it by the name upstream. If you don't
    have it, here's how you can add it:
    $ git remote add upstream https://github.com/ansible-collections/community.crypto.git
  3. Ensure you have the latest copy of upstream and prepare a branch
    that will hold the backported code:
    $ git fetch upstream
    $ git checkout -b patchback/backports/stable-1/9d03178b003ac3145f0af0c18c21ffca4992305c/pr-441 upstream/stable-1
  4. Now, cherry-pick PR Fix crash in x509_crl when certificate issuer is specified #441 contents into that branch:
    $ git cherry-pick -x 9d03178b003ac3145f0af0c18c21ffca4992305c
    If it'll yell at you with something like fatal: Commit 9d03178b003ac3145f0af0c18c21ffca4992305c is a merge but no -m option was given., add -m 1 as follows instead:
    $ git cherry-pick -m1 -x 9d03178b003ac3145f0af0c18c21ffca4992305c
  5. At this point, you'll probably encounter some merge conflicts. You must
    resolve them to preserve the patch from PR Fix crash in x509_crl when certificate issuer is specified #441 as close to the
    original as possible.
  6. Push this branch to your fork on GitHub:
    $ git push origin patchback/backports/stable-1/9d03178b003ac3145f0af0c18c21ffca4992305c/pr-441
  7. Create a PR, ensure that the CI is green. If it's not — update it so that
    the tests and any other checks pass. This is it!
    Now relax and wait for the maintainers to process your pull request
    when they have some cycles to do reviews. Don't worry — they'll tell you if
    any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

@felixfontein felixfontein deleted the crl-fix branch April 18, 2022 06:17
felixfontein added a commit to felixfontein/community.crypto that referenced this pull request Apr 18, 2022
…ollections#441)

* Fix x509_crl certificate issuer issue.

* Add tests.

* Add changelog fragment.

(cherry picked from commit 9d03178)
felixfontein added a commit that referenced this pull request Apr 18, 2022
* Fix x509_crl certificate issuer issue.

* Add tests.

* Add changelog fragment.

(cherry picked from commit 9d03178)