Merge pull request #51432 from Ch3LL/bp-51324

Backport #51324 into 2018.3.4
2025-04-17 10:10:20 +00:00 · 2019-01-30 10:51:49 -07:00 · 2019-01-30 10:51:49 -07:00 · 28b898c54b
commit 28b898c54b
parent 01717d2455 bd41ff0f59
2 changed files with 8 additions and 7 deletions
--- a/salt/modules/x509.py
+++ b/salt/modules/x509.py
@ -390,7 +390,7 @@ def _passphrase_callback(passphrase):
    Returns a callback function used to supply a passphrase for private keys
    '''
    def f(*args):
-        return salt.utils.stringutils.to_str(passphrase)
+        return salt.utils.stringutils.to_bytes(passphrase)
    return f


@ -961,7 +961,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals

        serial_number = rev_item['serial_number'].replace(':', '')
        # OpenSSL bindings requires this to be a non-unicode string
-        serial_number = salt.utils.stringutils.to_str(serial_number)
+        serial_number = salt.utils.stringutils.to_bytes(serial_number)

        if 'not_after' in rev_item and not include_expired:
            not_after = datetime.datetime.strptime(
@ -976,6 +976,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
        rev_date = datetime.datetime.strptime(
            rev_item['revocation_date'], '%Y-%m-%d %H:%M:%S')
        rev_date = rev_date.strftime('%Y%m%d%H%M%SZ')
+        rev_date = salt.utils.stringutils.to_bytes(rev_date)

        rev = OpenSSL.crypto.Revoked()
        rev.set_serial(serial_number)
@ -1005,7 +1006,7 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
        'days': days_valid
    }
    if digest:
-        export_kwargs['digest'] = bytes(digest)
+        export_kwargs['digest'] = salt.utils.stringutils.to_bytes(digest)
    else:
        log.warning('No digest specified. The default md5 digest will be used.')

@ -1573,7 +1574,7 @@ def create_certificate(
            pem_type='CERTIFICATE'
        )
    else:
-        return cert.as_pem()
+        return salt.utils.stringutils.to_str(cert.as_pem())
 # pylint: enable=too-many-locals


--- a/tests/unit/modules/test_x509.py
+++ b/tests/unit/modules/test_x509.py
@ -136,7 +136,7 @@ c9bcgp7D7xD+TxWWNj4CSXEccJgGr91StV+gFg4ARQ==
        '''
        ret = x509.create_private_key(text=True,
                                      passphrase='super_secret_passphrase')
-        self.assertIn(b'BEGIN RSA PRIVATE KEY', ret)
+        self.assertIn('BEGIN RSA PRIVATE KEY', ret)

    @skipIf(not HAS_M2CRYPTO, 'Skipping, M2Crypto is unavailble')
    def test_create_certificate(self):
@ -176,7 +176,7 @@ c9bcgp7D7xD+TxWWNj4CSXEccJgGr91StV+gFg4ARQ==
                                      authorityKeyIdentifier='keyid,issuer:always',
                                      days_valid=3650,
                                      days_remaining=0)
-        self.assertIn(b'BEGIN CERTIFICATE', ret)
+        self.assertIn('BEGIN CERTIFICATE', ret)

    @skipIf(not HAS_M2CRYPTO, 'Skipping, M2Crypto is unavailble')
    def test_create_crl(self):
@ -240,7 +240,7 @@ c9bcgp7D7xD+TxWWNj4CSXEccJgGr91StV+gFg4ARQ==
        os.remove(ca_crl_file.name)

        # Ensure that a CRL was actually created
-        self.assertIn(b'BEGIN X509 CRL', crl)
+        self.assertIn('BEGIN X509 CRL', crl)

    @skipIf(not HAS_M2CRYPTO, 'Skipping, M2Crypto is unavailble')
    def test_revoke_certificate_with_crl(self):