support openssl_crl much like openssl_certificate #53789
Comments
Files identified in the description: If these files are inaccurate, please update the |
!component =lib/ansible/modules/crypto/openssl_crl.py |
Are you interested in getting information on CRLs (or validate conditions on these), as your example shows, or also to generate / sign CRLs?
Primarily the former, but having both would be great as well.
CRL is actually a must-have module if we want to manage the complete chain by Ansible. I would like to see this implemented as well.
If you could be more specific and say what exactly you want such a module to do, that would help a lot. I've never needed CRLs, so in case I ever work on such a module, I would like to know what people want to use it for :) (Also, if someone wants to contribute such a module: feel free! I'm not sure whether I'll work on that anytime soon, or at all...)
Well, to revoke the certificates and prevent users from being able to access the system. E.g., a VPN system: the operator may want to add and remove users, and if the authentication works via pubkeys, the CRL is the only way to remove users.
So you want to be able to create / update CRLs? If yes, how? Or to verify CRLs? Check whether certificates appear in the CRL?
To create and update.
In my case, obtain data from the CRL (similar to a crt), e.g. lastupdate, nextupdate, issue, etc.
I started creating a WIP PR for a |
@gnowxilef @jackivanov since you explicitly asked for a |
@gnowxilef @jackivanov ping |
Sorry about that, haven't had a chance to use it yet, but the code looks fine.
@gnowxilef thanks for taking a look! Did you also look at the module interface? Does it provide what you need / think is needed? (For creating/updating CRLs, that is.) |
Ah, the code looks to only create/update CRLs, it seems? I would also like it to be able to retrieve information about the CRL itself, such as nextupdate, lastupdate, digest, etc.
Yes. Adding a |
Can this be merged yet?
@fawaf as soon as it gets a proper review. |
I began with an x509_crl_info module in #67539.
That module is now also merged. While developing it, we decided to not add revocation query support to that module, but add another module
Thank you very much for your interest in Ansible. Ansible has migrated much of the content into separate repositories to allow for more rapid, independent development. We are closing this issue/PR because this content has been moved to one or more collection repositories.
For further information, please see: |
SUMMARY
support openssl_crl much like openssl_certificate
ISSUE TYPE
COMPONENT NAME
new module name: openssl_crl
ADDITIONAL INFORMATION
It would be used in very much the same way as the openssl_certificate module, just that it would be specific to CRLs. A CRL has some attributes that a cert does not have (e.g. lastupdated, nextupdate, etc.).
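An added example, not part of the original issue and not the Ansible project's own code: a playbook that reads the CRL fields requested in this thread with the x509_crl_info module mentioned above and fails when the CRL is not currently valid. It assumes the module is installed from the community.crypto collection; the CRL path is a hypothetical placeholder.

```yaml
# Added example. The CRL path below is a hypothetical placeholder.
- name: Inspect a CRL and fail when it is not currently valid
  hosts: localhost
  gather_facts: false
  vars:
    crl_path: /etc/pki/example/ca.crl   # hypothetical path
    # The module reports timestamps as ASN.1 TIME strings (YYYYMMDDHHMMSSZ).
    # That layout sorts chronologically, so plain string comparison is safe.
    asn1_time: "%Y%m%d%H%M%SZ"
  tasks:
    - name: Read CRL metadata
      community.crypto.x509_crl_info:
        path: "{{ crl_path }}"
      register: crl

    - name: Show the fields asked for in the issue
      ansible.builtin.debug:
        msg:
          issuer: "{{ crl.issuer }}"
          last_update: "{{ crl.last_update }}"
          next_update: "{{ crl.next_update }}"
          digest: "{{ crl.digest }}"
          revoked_count: "{{ crl.revoked_certificates | length }}"

    - name: Refuse a CRL that is stale or dated in the future
      ansible.builtin.assert:
        that:
          # thisUpdate must not lie in the future
          - crl.last_update <= now(utc=true, fmt=asn1_time)
          # nextUpdate must not have passed yet
          - crl.next_update > now(utc=true, fmt=asn1_time)
        fail_msg: >-
          CRL {{ crl_path }} is outside its validity window
          (last_update={{ crl.last_update }}, next_update={{ crl.next_update }}).
          Relying parties may reject it or miss recent revocations.
        success_msg: "CRL is current until {{ crl.next_update }}"
```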