Closed vzhestkov closed 1 month ago
Commit https://github.com/openSUSE/salt/pull/672/commits/f0a69e927103ae793a41fc6da90fedc08466b10b is different from the upstream PR, but it only makes sense for outdated versions of OpenSSL, like the ones used in CentOS7 and SLE12, so it doesn't make any sense to try to push it upstream.
What does this PR do?
Backports https://github.com/saltstack/salt/pull/66818
With the most recent versions of
cryptography
module the exception value which is checked here https://github.com/saltstack/salt/blob/246d0664577ef72da8bd1f0c4dff0d18b4428b23/salt/utils/x509.py#L704 is different. The latest version ofcryptography
is returning https://github.com/pyca/cryptography/blob/932b8a3f67810140a6e178f7b676e1cb9c3585b1/src/rust/src/backend/utils.rs#L463It could also be returned with the lower version of
cryptography
depending on the combination with the OpenSSL version it's used with.What issues does this PR fix or reference?
Tracks: https://github.com/SUSE/spacewalk/issues/24859
Previous Behavior
x509.private_key_managed
state function could fail with the commentCould not load PEM-encoded private key
The following tests could fail as well:New Behavior
No test fails and
x509.private_key_managed
state with most recentcryptography
or some other OpenSSL versions which can produce different errors on such cases.Merge requirements satisfied?
[NOTICE] Bug fixes or features added to Salt require tests.
Commits signed with GPG?
Yes/No
Please review Salt's Contributing Guide for best practices.
See GitHub's page on GPG signing for more information about signing commits with GPG.