x509.certificate_managed, renewed at each run #50680
Comments
Looks like I'm able to replicate this using your exact state, but it's showing even more differences than just not after and not before for me. I can only replicate this on python3, not python2.
But when on python2:
Here's my versions report:
I also found this is broken on the fluorine branch. As you stated, I cannot test if this is broken in 2018.3 because this state does not currently work in that branch with python3.
Ping @clinta, looks like you have done some work around this module. Mind taking a look here?
Oh, good news. I wasn't sure if it was me or a bug, since this is the first time I use it.
I've added some debug information in the code
If I dump the value of the if condition
So if I do a dict diff on new_comp and current_comp
I think it is because we call x509.create_certificate with testrun=true; this does not give a certificate but only a dict of what it should be, so I think we can't compare new_comp to current_comp, or we should create a real temporary certificate, read it with read_certificate, and after that we can compare them.
I've fixed it; not very clean, but I can't find how to do better (I call x509.create_certificate 2 times):
Fix #50680 X509 - renewal check - short subject title not match
This probably needs a change at the module level, so you can create a certificate and return both the PEM and the Issuer Public Key (or whole descriptive dict), or just skip the check that the current certificate validates with the new issuer. Then you only need one call to
Hi,
I have this code; at each run, Salt changes the "Not After" and "Not Before" and the Serial Number/Finger Print of my ca.crt.
Note: I use the develop branch to have the latest fix for Python 3