passphrase for crl

2025-04-17 10:10:20 +00:00 · 2017-01-30 08:48:41 -05:00 · 2017-01-30 08:48:41 -05:00 · 6497094ba7
commit 6497094ba7
parent 3ef809fb0f
1 changed files with 6 additions and 1 deletions
--- a/salt/modules/x509.py
+++ b/salt/modules/x509.py
@ -848,6 +848,7 @@ def create_private_key(path=None,

 def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
        path=None, text=False, signing_private_key=None,
+        signing_private_key_passphrase=None,
        signing_cert=None, revoked=None, include_expired=False,
        days_valid=100, digest=''):
    '''
@ -866,6 +867,9 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
        A path or string of the private key in PEM format that will be used
        to sign this crl. This is required.

+    signing_private_key_passphrase:
+        Passphrase to decrypt the private key.
+
    signing_cert:
        A certificate matching the private key that will be used to sign
        this crl. This is required.
@ -969,7 +973,8 @@ def create_crl(  # pylint: disable=too-many-arguments,too-many-locals
    cert = OpenSSL.crypto.load_certificate(
        OpenSSL.crypto.FILETYPE_PEM,
        get_pem_entry(signing_cert, pem_type='CERTIFICATE'))
-    signing_private_key = _text_or_file(signing_private_key)
+    signing_private_key = _get_private_key_obj(signing_private_key,
+                         passphrase=signing_private_key_passphrase).as_pem(cipher=None)
    key = OpenSSL.crypto.load_privatekey(
        OpenSSL.crypto.FILETYPE_PEM,
        get_pem_entry(signing_private_key))