Get openssl version, if > v3, use the -legacy option for pkcs12 relat…

…ed openssl tasks to fix macos/ios install issues (trailofbits#14558) original solution from https://github.com/omgagg/algo
ExtremeModerate · Jul 8, 2023 · 86c315f · 86c315f
1 parent 1c80cd2
commit 86c315f
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml
@@ -155,10 +155,27 @@
  format: OpenSSH
  with_items: "{{ users }}"
 
+ - name: Gather the package facts
+ ansible.builtin.package_facts:
+ manager: auto
+
+ - name: Get OpenSSL version
+ shell: |
+ set -o pipefail
+ {{ openssl_bin }} version |
+ cut -f 2 -d ' '
+ register: ssl_version
+ run_once: true
+
+ - name: Set OpenSSL version fact
+ set_fact:
+ openssl_version: "{{ ssl_version.stdout }}"
+
  - name: Build the client's p12
  shell: >
  umask 077;
  {{ openssl_bin }} pkcs12
+ {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
  -in certs/{{ item }}.crt
  -inkey private/{{ item }}.key
  -export
@@ -175,6 +192,7 @@
  shell: >
  umask 077;
  {{ openssl_bin }} pkcs12
+ {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
  -in certs/{{ item }}.crt
  -inkey private/{{ item }}.key
  -export