authorMichael Scherer <mscherer@users.noreply.github.com>2019-09-29 16:17:38 +0200
committerToshio Kuratomi <a.badger@gmail.com>2019-10-12 09:17:09 -0700
commit018d57078ec1d809f30e5df40c580ea58ed003ba (patch)
tree339917b80c3d56590ca280d7e5cdd4c81e9ab666
parent78fa3ebbad7bcddb747514bd37f77ea72186c742 (diff)
Fix _validate_csr_subject and _validate_csr_signature (#62790)
On python 3, if there is no explicit "return True", the function call will be seen as "False", thus failing the module (cherry picked from commit 75c4e9ec05690f493ce5e14a74231864b9206fe0)
-rw-r--r--changelogs/fragments/62790-openssl_certificate_fix_assert.yml2
-rw-r--r--lib/ansible/modules/crypto/openssl_certificate.py6
2 files changed, 4 insertions, 4 deletions
diff --git a/changelogs/fragments/62790-openssl_certificate_fix_assert.yml b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
new file mode 100644
index 0000000000..fb69210452
--- /dev/null
+++ b/changelogs/fragments/62790-openssl_certificate_fix_assert.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- "openssl_certificate - fix ``assertonly`` provider certificate verification, causing 'private key mismatch' and 'subject mismatch' errors."
diff --git a/lib/ansible/modules/crypto/openssl_certificate.py b/lib/ansible/modules/crypto/openssl_certificate.py
index e06946a862..b46ff58d87 100644
--- a/lib/ansible/modules/crypto/openssl_certificate.py
+++ b/lib/ansible/modules/crypto/openssl_certificate.py
@@ -1861,12 +1861,10 @@ class AssertOnlyCertificateCryptography(AssertOnlyCertificateBase):
def _validate_csr_signature(self):
if not self.csr.is_signature_valid:
return False
- if self.csr.public_key().public_numbers() != self.cert.public_key().public_numbers():
- return False
+ return self.csr.public_key().public_numbers() == self.cert.public_key().public_numbers()
def _validate_csr_subject(self):
- if self.csr.subject != self.cert.subject:
- return False
+ return self.csr.subject == self.cert.subject
def _validate_csr_extensions(self):
cert_exts = self.cert.extensions
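Review bot: Neither `_validate_csr_signature` nor `_validate_csr_subject` documents its return contract, and the diffstat shows no test added for the matching case, which is presumably how a validator that returned `None` on success went unnoticed. These checks decide whether a certificate is accepted as belonging to a CSR, so I would add a docstring to each, e.g. `"""Return True only if the CSR signature is valid and its public key equals the certificate's."""` and `"""Return True only if the CSR subject equals the certificate subject."""`. A test should also assert that a matching CSR/certificate pair passes and that a mismatched key or subject fails. The old code at least failed closed. `_validate_csr_extensions` continues outside the hunk, so whether it has the same implicit-`None` path cannot be checked from here.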