Merge 4ecec2d233 into 6ce6f5c81e

roles/strongswan/tasks/openssl.yml

@@ -155,10 +155,27 @@
         format: OpenSSH
       with_items: "{{ users }}"
 
+    - name: Gather the package facts
+      ansible.builtin.package_facts:
+        manager: auto
+
+    - name: Get OpenSSL version
+      shell: |
+        set -o pipefail
+        {{ openssl_bin }} version |
+        cut -f 2 -d ' '
+      register: ssl_version
+      run_once: true
+
+    - name: Set OpenSSL version fact
+      set_fact:
+        openssl_version: "{{ ssl_version.stdout }}"
+
     - name: Build the client's p12
       shell: >
         umask 077;
         {{ openssl_bin }} pkcs12
+        {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
         -in certs/{{ item }}.crt
         -inkey private/{{ item }}.key
         -export
@@ -175,6 +192,7 @@
       shell: >
         umask 077;
         {{ openssl_bin }} pkcs12
+        {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
         -in certs/{{ item }}.crt
         -inkey private/{{ item }}.key
         -export

users.yml

@@ -26,7 +26,7 @@
             server_list: >-
               [{% for i in _configs_list.files %}
                 {% set config  = lookup('file', i.path)|from_yaml %}
-                '{{ config.server }}'
+                '{{ config.IP_subject_alt_name }}'
                 {{ ',' if not loop.last else '' }}
               {% endfor %}]