Add warning for ASN.1 encoded extension values returned by some modules #318

Merged
merged 2 commits into from
Oct 31, 2021


felixfontein
Contributor

SUMMARY

Add warning that ASN.1 encoded extension values returned by some modules might not reflect the exact byte sequence in the source file anymore depending on the cryptography version.

(Related to pyca/cryptography#6346.)

We can potentially continue to use the current approach (using cffi and cryptography internals), but that might stop working at any moment and the functions we need for that might be removed from the cffi/cryptography exposed parts of OpenSSL.

On the other hand, once there is a stable interface to encode extension values, we have a lot less to worry about, and can also finally implement a feature which allows specifying arbitrary extension values for CSRs. (There was a feature request for that, but I can't find it anymore.)

I think it is important to announce this now (as a potentially breaking change) since we still haven't released 2.0.0 and thus can still have breaking changes "for free". Having them later in a bugfix or feature release is something we should really avoid.

ISSUE TYPE
  • Docs Pull Request
COMPONENT NAME

get_certificate
openssl_csr_info
x509_certificate_info

…les might not reflect the exact byte sequence in the source file anymore depending on the cryptography version.
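
An added illustration, not code from this pull request or from cryptography, of how a parse-then-re-encode path can return bytes that differ from the source file: a toy TLV decoder that tolerates a non-minimal BER length, paired with an encoder that always emits the minimal DER length. The function names and both sample values are constructed for this example.

```python
def decode_tlv(data: bytes):
    """Decode one definite-length TLV, tolerating non-minimal (BER) lengths."""
    if len(data) < 2:
        raise ValueError("truncated TLV")
    tag, first = data[0], data[1]
    if first < 0x80:                       # short form: length fits in one byte
        length, offset = first, 2
    elif first == 0x80:
        raise ValueError("indefinite length not supported")
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if len(data) < 2 + n:
            raise ValueError("truncated length")
        length = int.from_bytes(data[2:2 + n], "big")
        offset = 2 + n
    value = data[offset:offset + length]
    if len(value) != length:
        raise ValueError("truncated value")
    return tag, value, data[offset + length:]


def encode_tlv(tag: int, value: bytes) -> bytes:
    """Encode a TLV using the minimal (DER) length form."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    length_bytes = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def reencode(raw: bytes) -> bytes:
    """Parse a value and serialize it again, as a re-encoding library would."""
    tag, value, rest = decode_tlv(raw)
    if rest:
        raise ValueError("trailing data after TLV")
    return encode_tlv(tag, value)


def byte_exact(raw: bytes) -> bool:
    """True if the re-encoded value equals the bytes that were read."""
    return reencode(raw) == raw


# Constructed samples: UTF8String "abc" with a DER length and a long-form length.
DER_VALUE = bytes.fromhex("0c03616263")
BER_VALUE = bytes.fromhex("0c8103616263")

if __name__ == "__main__":
    for raw in (DER_VALUE, BER_VALUE):
        out = reencode(raw)
        print(raw.hex(), "->", out.hex(), "exact" if out == raw else "changed")
```

A consumer that compares or hashes the returned value against the bytes in the file sees a mismatch only for the second sample.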
@felixfontein felixfontein mentioned this pull request Oct 31, 2021
Collaborator

@Ajpantuso Ajpantuso left a comment

Just a couple of comments for grammar and punctuation.

plugins/modules/openssl_csr_info.py (outdated)
changelogs/fragments/318-extension-value-note.yml (outdated)
Collaborator

@Ajpantuso Ajpantuso left a comment

LGTM

@felixfontein felixfontein merged commit ecbd44d into ansible-collections:main Oct 31, 2021
@felixfontein felixfontein deleted the ext-warning branch October 31, 2021 13:34
@felixfontein
Contributor Author

@Ajpantuso thanks a lot for your feedback!
