From 1cd19eaff9ae99cd6af5421d928fde0ef6b13dde Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sun, 17 Apr 2022 21:36:46 +0200
Subject: [PATCH 1/3] Fix x509_crl certificate issuer issue.
---
 plugins/modules/x509_crl.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/plugins/modules/x509_crl.py b/plugins/modules/x509_crl.py
index 5a5267b05..72408950a 100644
--- a/plugins/modules/x509_crl.py
+++ b/plugins/modules/x509_crl.py
@@ -689,9 +689,7 @@ def _generate_crl(self):
 revoked_cert = revoked_cert.revocation_date(entry['revocation_date'])
 if entry['issuer'] is not None:
 revoked_cert = revoked_cert.add_extension(
- x509.CertificateIssuer([
- cryptography_get_name(name, 'issuer') for name in entry['issuer']
- ]),
+ x509.CertificateIssuer(entry['issuer']),
 entry['issuer_critical']
 )
 if entry['reason'] is not None:
From 902b28c64b17bf36d7753be370ffa4612c518b6f Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sun, 17 Apr 2022 21:39:05 +0200
Subject: [PATCH 2/3] Add tests.
---
 .../targets/x509_crl/tasks/impl.yml | 22 +++++++++++++++++++
 .../targets/x509_crl/tests/validate.yml | 8 +++++++
 2 files changed, 30 insertions(+)
diff --git a/tests/integration/targets/x509_crl/tasks/impl.yml b/tests/integration/targets/x509_crl/tasks/impl.yml
index db18e98f3..45bb74fd8 100644
--- a/tests/integration/targets/x509_crl/tasks/impl.yml
+++ b/tests/integration/targets/x509_crl/tasks/impl.yml
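Review bot: The new `x509.CertificateIssuer(entry['issuer'])` call in `_generate_crl` only works if `entry['issuer']` already holds `x509.GeneralName` objects, and nothing in the hunk says where that conversion happens; presumably it is done when the `revoked_certificates` entries are parsed, outside this hunk. A one-line comment above the call, for example `# entry['issuer'] is already a list of x509.GeneralName objects; do not convert again`, would keep a later edit from reintroducing the double conversion (confirm the conversion site before wording it). Separately, the guard is `is not None`, so an empty list would still reach `add_extension` and would presumably produce a certificate-issuer extension with no names, which RFC 5280 does not permit for GeneralNames; rejecting an empty `issuer` during option validation would close that gap if it is not already done elsewhere. The body of `_generate_crl` starts and ends outside the hunk.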
@@ -524,3 +524,25 @@
 path: '{{ remote_tmp_dir }}/ca-crl2.crl'
 list_revoked_certificates: false
 register: crl_2_info_2
+
+- name: Create CRL 3
+ x509_crl:
+ path: '{{ remote_tmp_dir }}/ca-crl3.crl'
+ privatekey_path: '{{ remote_tmp_dir }}/ca.key'
+ issuer:
+ CN: Ansible
+ last_update: +0d
+ next_update: +0d
+ revoked_certificates:
+ - serial_number: 1234
+ revocation_date: 20191001000000Z
+ issuer:
+ - "DNS:ca.example.org"
+ issuer_critical: true
+ register: crl_3
+
+- name: Retrieve CRL 3 infos
+ x509_crl_info:
+ path: '{{ remote_tmp_dir }}/ca-crl3.crl'
+ list_revoked_certificates: true
+ register: crl_3_info
diff --git a/tests/integration/targets/x509_crl/tests/validate.yml b/tests/integration/targets/x509_crl/tests/validate.yml
index 9e6aa733b..e5871a6cf 100644
--- a/tests/integration/targets/x509_crl/tests/validate.yml
+++ b/tests/integration/targets/x509_crl/tests/validate.yml
@@ -102,3 +102,11 @@
 ['commonName', 'CRL'],
 ['commonName', 'Test'],
 ]
+
+- name: Validate CRL 3 info
+ assert:
+ that:
+ - crl_3.revoked_certificates == crl_3_info.revoked_certificates
+ - crl_3.revoked_certificates[0].issuer == [
+ "DNS:ca.example.org",
+ ]
From 675453b265588333c742923c3efbb60e88647161 Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sun, 17 Apr 2022 21:40:03 +0200
Subject: [PATCH 3/3] Add changelog fragment.
---
 changelogs/fragments/441-x509-crl-cert-issuer.yml | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 changelogs/fragments/441-x509-crl-cert-issuer.yml
diff --git a/changelogs/fragments/441-x509-crl-cert-issuer.yml b/changelogs/fragments/441-x509-crl-cert-issuer.yml
new file mode 100644
index 000000000..ce1706d44
--- /dev/null
+++ b/changelogs/fragments/441-x509-crl-cert-issuer.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - "x509_crl - fix crash when ``issuer`` for a revoked certificate is specified (https://github.com/ansible-collections/community.crypto/pull/441)."
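Review bot: The `Create CRL 3` task in tasks/impl.yml runs the module only once, so the path that compares the per-entry `issuer` of an existing CRL with the requested one is never exercised. Repeating the same task with a second `register:` and asserting that the result is not changed would cover it. Because `last_update` and `next_update` are relative (`+0d`), the rerun probably needs `ignore_timestamps: true` to be stable. The new tasks also use a single `DNS:` name only; a second revoked entry with no `issuer` key would confirm that the extension is omitted when none is given.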