Use legacy OpenSSL Format for Apple Devices (#14718)

* fix openssl * Update openssl.yml --------- Co-authored-by: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
2025-04-04 16:29:57 +02:00 · 2024-05-10 05:04:25 +03:00 · 2024-05-10 05:04:25 +03:00 · 8c4ae501ad
commit 8c4ae501ad
parent 6ce6f5c81e
2 changed files with 17 additions and 0 deletions
--- a/roles/strongswan/tasks/openssl.yml
+++ b/roles/strongswan/tasks/openssl.yml
@ -155,10 +155,25 @@
        format: OpenSSH
      with_items: "{{ users }}"

+    - name: Get OpenSSL version
+      shell: |
+        set -o pipefail
+        {{ openssl_bin }} version |
+        cut -f 2 -d ' '
+      args:
+        executable: bash
+      register: ssl_version
+      run_once: true
+
+    - name: Set OpenSSL version fact
+      set_fact:
+        openssl_version: "{{ ssl_version.stdout }}"
+
    - name: Build the client's p12
      shell: >
        umask 077;
        {{ openssl_bin }} pkcs12
+        {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
        -in certs/{{ item }}.crt
        -inkey private/{{ item }}.key
        -export
@ -175,6 +190,7 @@
      shell: >
        umask 077;
        {{ openssl_bin }} pkcs12
+        {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
        -in certs/{{ item }}.crt
        -inkey private/{{ item }}.key
        -export
--- a/users.yml
+++ b/users.yml
@ -27,6 +27,7 @@
              [{% for i in _configs_list.files %}
                {% set config  = lookup('file', i.path)|from_yaml %}
                '{{ config.server }}'
+                '{{ config.IP_subject_alt_name }}'
                {{ ',' if not loop.last else '' }}
              {% endfor %}]