Release 1.9.12.

ansible-collections · Feb 21, 2022 · 35ef2ed · 35ef2ed
1 parent ebcf866
commit 35ef2ed
Show file tree

Hide file tree

Showing 6 changed files with 59 additions and 13 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -5,6 +5,30 @@ Community Crypto Release Notes
 .. contents:: Topics
 
 
+v1.9.12
+=======
+
+Release Summary
+---------------
+
+Regular bugfix release.
+
+Bugfixes
+--------
+
+- certificate_complete_chain - allow multiple potential intermediate certificates to have the same subject (https://github.com/ansible-collections/community.crypto/issues/399, https://github.com/ansible-collections/community.crypto/pull/403).
+- x509_certificate - for the ``ownca`` provider, check whether the CA private key actually belongs to the CA certificate. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - regenerate certificate when the CA's public key changes for ``provider=ownca``. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - regenerate certificate when the CA's subject changes for ``provider=ownca`` (https://github.com/ansible-collections/community.crypto/issues/400, https://github.com/ansible-collections/community.crypto/pull/402).
+- x509_certificate - regenerate certificate when the private key changes for ``provider=selfsigned``. This fix only covers the ``cryptography`` backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+
+Known Issues
+------------
+
+- x509_certificate - when using the ``ownca`` provider with the ``pyopenssl`` backend, changing the CA's public key does not cause regeneration of the certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - when using the ``ownca`` provider with the ``pyopenssl`` backend, it is possible to specify a CA private key which is not related to the CA certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+- x509_certificate - when using the ``selfsigned`` provider with the ``pyopenssl`` backend, changing the private key does not cause regeneration of the certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+
 v1.9.11
 =======
 

diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
@@ -550,6 +550,41 @@ releases:
     - 1.9.11.yml
     - 396-openssh_cert-host-cert-idempotence-fix.yml
     release_date: '2022-02-05'
+  1.9.12:
+    changes:
+      bugfixes:
+      - certificate_complete_chain - allow multiple potential intermediate certificates
+        to have the same subject (https://github.com/ansible-collections/community.crypto/issues/399,
+        https://github.com/ansible-collections/community.crypto/pull/403).
+      - x509_certificate - for the ``ownca`` provider, check whether the CA private
+        key actually belongs to the CA certificate. This fix only covers the ``cryptography``
+        backend, not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - regenerate certificate when the CA's public key changes
+        for ``provider=ownca``. This fix only covers the ``cryptography`` backend,
+        not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - regenerate certificate when the CA's subject changes for
+        ``provider=ownca`` (https://github.com/ansible-collections/community.crypto/issues/400,
+        https://github.com/ansible-collections/community.crypto/pull/402).
+      - x509_certificate - regenerate certificate when the private key changes for
+        ``provider=selfsigned``. This fix only covers the ``cryptography`` backend,
+        not the ``pyopenssl`` backend (https://github.com/ansible-collections/community.crypto/pull/407).
+      known_issues:
+      - x509_certificate - when using the ``ownca`` provider with the ``pyopenssl``
+        backend, changing the CA's public key does not cause regeneration of the certificate
+        (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - when using the ``ownca`` provider with the ``pyopenssl``
+        backend, it is possible to specify a CA private key which is not related to
+        the CA certificate (https://github.com/ansible-collections/community.crypto/pull/407).
+      - x509_certificate - when using the ``selfsigned`` provider with the ``pyopenssl``
+        backend, changing the private key does not cause regeneration of the certificate
+        (https://github.com/ansible-collections/community.crypto/pull/407).
+      release_summary: Regular bugfix release.
+    fragments:
+    - 1.9.12.yml
+    - 402-x509_certificate-ownca-subject.yml
+    - 403-certificate_complete_chain-same-subject.yml
+    - 407-x509_certificate-signature.yml
+    release_date: '2022-02-21'
   1.9.2:
     changes:
       release_summary: Bugfix release to fix the changelog. No other change compared

diff --git a/changelogs/fragments/1.9.12.yml b/changelogs/fragments/1.9.12.yml
diff --git a/changelogs/fragments/402-x509_certificate-ownca-subject.yml b/changelogs/fragments/402-x509_certificate-ownca-subject.yml
diff --git a/changelogs/fragments/403-certificate_complete_chain-same-subject.yml b/changelogs/fragments/403-certificate_complete_chain-same-subject.yml
diff --git a/changelogs/fragments/407-x509_certificate-signature.yml b/changelogs/fragments/407-x509_certificate-signature.yml