ansible/changelogs/fragments/53489-openssl-private-key-passphrase.yml
Felix Fontein caf7fd2245 openssl_*: improve passphrase handling for private keys in PyOpenSSL (#53489)
* Raise OpenSSLBadPassphraseError if passphrase is wrong.

* Improve handling of passphrase errors.

Current behavior for modules is: if passphrase is wrong (or wrongly specified), fail.
Current behavior for openssl_privatekey is: if passphrase is wrong (or wrongly specified), regenerate.

* Add changelog.

* Add tests.

* Adjustments for some versions of PyOpenSSL.

* Update lib/ansible/modules/crypto/openssl_certificate.py

Improve text.

Co-Authored-By: felixfontein <felix@fontein.de>
2019-03-08 16:21:18 +00:00

6 lines
388 B
YAML

bugfixes:
- "openssl_privatekey - no longer hang or crash when passphrase does not match or was
  not specified, but key is protected with one. Also regenerate key if passphrase is
  specified but existing key has no passphrase."
- "openssl_csr, openssl_certificate, openssl_publickey - properly validate private key
  passphrase; if it doesn't match, fail (and not crash or ignore)."