Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to specify subject (for CSRs) and issuer (for CRLs) ordered #316

Merged
merged 7 commits into from
Oct 31, 2021
Merged

Allow to specify subject (for CSRs) and issuer (for CRLs) ordered #316

merged 7 commits into from
Oct 31, 2021

Conversation

felixfontein
Copy link
Contributor

SUMMARY

Fixes #291.

ISSUE TYPE
  • Bugfix Pull Request
  • Feature Pull Request
COMPONENT NAME

acme_certificate
openssl_csr
openssl_csr_pipe
x509_crl

@felixfontein felixfontein mentioned this pull request Oct 30, 2021
Closed
@felixfontein
Copy link
Contributor Author

ready_for_review

@felixfontein felixfontein mentioned this pull request Oct 31, 2021
Closed
5 tasks
Ajpantuso
Ajpantuso requested changes Oct 31, 2021
View reviewed changes
Copy link
Collaborator

@Ajpantuso Ajpantuso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few minor comments, but otherwise looks good.

changelogs/fragments/315-ordered-names.yml Outdated Show resolved Hide resolved
plugins/module_utils/crypto/support.py Outdated Show resolved Hide resolved
plugins/module_utils/crypto/support.py Outdated Show resolved Hide resolved
plugins/modules/x509_crl.py Outdated Show resolved Hide resolved
@felixfontein
Copy link
Contributor Author

@Ajpantuso what do you think of d497231 and 196c85f? I think it's better to reject such values outright instead of silently ignoring them. The silent ignore makes sense for the explicit option fields for the CSR modules (or well, ignoring only None would make even more sense...), but I don't think it should happen for the other fields. What do you think?

@Ajpantuso
Copy link
Collaborator

@Ajpantuso what do you think of d497231 and 196c85f? I think it's better to reject such values outright instead of silently ignoring them. The silent ignore makes sense for the explicit option fields for the CSR modules (or well, ignoring only None would make even more sense...), but I don't think it should happen for the other fields. What do you think?

Makes sense to me. Silently ignoring could even lead users to believe that defaults would be applied from say their OpenSSL config. More explicit is better in this case.

Ajpantuso
Ajpantuso approved these changes Oct 31, 2021
View reviewed changes
Copy link
Collaborator

@Ajpantuso Ajpantuso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@felixfontein felixfontein merged commit 589e7c7 into ansible-collections:main Oct 31, 2021
@felixfontein felixfontein deleted the ordered-subject branch October 31, 2021 14:05
@felixfontein
Copy link
Contributor Author

@Ajpantuso thanks again for reviewing this!

@renovate renovate bot mentioned this pull request Nov 1, 2021
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ajpantuso Ajpantuso Ajpantuso approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Problems with CRL issuer matching Cert issuer.
2 participants
@felixfontein @Ajpantuso