openssl_pkcs12: fix crash when trying to get non-existing other certi…

…ficates (#487) (#488) * Fix crash when trying to get non-existing other certificates. * Add test. (cherry picked from commit 9ed4526)
ansible-collections · Jul 7, 2022 · 1df5162 · 1df5162
1 parent 33703d1
commit 1df5162
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 0 deletions.
diff --git a/changelogs/fragments/487-openssl_pkcs12-other-certs-crash.yml b/changelogs/fragments/487-openssl_pkcs12-other-certs-crash.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "openssl_pkcs12 - when using the pyOpenSSL backend, do not crash when trying to read non-existing other certificates (https://github.com/ansible-collections/community.crypto/issues/486, https://github.com/ansible-collections/community.crypto/pull/487)."
diff --git a/plugins/modules/openssl_pkcs12.py b/plugins/modules/openssl_pkcs12.py
@@ -542,6 +542,8 @@ def _dump_certificate(self, pkcs12):
         return crypto.dump_certificate(crypto.FILETYPE_PEM, cert) if cert else None
 
     def _dump_other_certificates(self, pkcs12):
+        if pkcs12.get_ca_certificates() is None:
+            return []
         return [
             crypto.dump_certificate(crypto.FILETYPE_PEM, other_cert)
             for other_cert in pkcs12.get_ca_certificates()

diff --git a/tests/integration/targets/openssl_pkcs12/tasks/impl.yml b/tests/integration/targets/openssl_pkcs12/tasks/impl.yml
@@ -45,6 +45,18 @@
       return_content: true
     register: p12_standard_idempotency
 
+  - name: "({{ select_crypto_backend }}) Generate PKCS#12 file again, idempotency (empty other_certificates)"
+    openssl_pkcs12:
+      select_crypto_backend: '{{ select_crypto_backend }}'
+      path: '{{ remote_tmp_dir }}/ansible.p12'
+      friendly_name: abracadabra
+      privatekey_path: '{{ remote_tmp_dir }}/ansible_pkey1.pem'
+      certificate_path: '{{ remote_tmp_dir }}/ansible1.crt'
+      state: present
+      return_content: true
+      other_certificates: []
+    register: p12_standard_idempotency_no_certs
+
   - name: "({{ select_crypto_backend }}) Read ansible.p12"
     slurp:
       src: '{{ remote_tmp_dir }}/ansible.p12'

diff --git a/tests/integration/targets/openssl_pkcs12/tests/validate.yml b/tests/integration/targets/openssl_pkcs12/tests/validate.yml
@@ -25,6 +25,7 @@
       - p12_dumped is changed
       - p12_standard_idempotency is not changed
       - p12_standard_idempotency_check is not changed
+      - p12_standard_idempotency_no_certs is not changed
       - p12_multiple_certs_idempotency is not changed
       - p12_dumped_idempotency is not changed
       - p12_dumped_check_mode is not changed