From 68cb12d9e034dbeb237438d1ea69f15aa2243d4d Mon Sep 17 00:00:00 2001
From: gh0st-network <69614488+gh0st-network@users.noreply.github.com>
Date: Sun, 10 Dec 2023 16:03:37 +0800
Subject: [PATCH] Update openssl.yml

Fix PKCS#12 mobileconfig installation errors when using openssl version > 3 (trailofbits#14558) #14622 https://github.com/trailofbits/algo/pull/14622/files
---
 roles/strongswan/tasks/openssl.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/roles/strongswan/tasks/openssl.yml b/roles/strongswan/tasks/openssl.yml
index f51ac9dd0..1ffed904b 100644
--- a/roles/strongswan/tasks/openssl.yml
+++ b/roles/strongswan/tasks/openssl.yml
@@ -155,10 +155,27 @@
 format: OpenSSH
 with_items: "{{ users }}"
 
+ - name: Gather the package facts
+ ansible.builtin.package_facts:
+ manager: auto
+
+ - name: Get OpenSSL version
+ shell: |
+ set -o pipefail
+ {{ openssl_bin }} version |
+ cut -f 2 -d ' '
+ register: ssl_version
+ run_once: true
+
+ - name: Set OpenSSL version fact
+ set_fact:
+ openssl_version: "{{ ssl_version.stdout }}"
+
 - name: Build the client's p12
 shell: >
 umask 077;
 {{ openssl_bin }} pkcs12
+ {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
 -in certs/{{ item }}.crt
 -inkey private/{{ item }}.key
 -export
@@ -175,6 +192,7 @@
 shell: >
 umask 077;
 {{ openssl_bin }} pkcs12
+ {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
 -in certs/{{ item }}.crt
 -inkey private/{{ item }}.key
 -export
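Review bot: The version probe in the new `Get OpenSSL version` task cannot tell OpenSSL from LibreSSL: `{{ openssl_bin }} version | cut -f 2 -d ' '` also yields `3.x.y` for a `LibreSSL 3.x.y` banner, so the `version('3', '>=')` test would add `-legacy`, an option LibreSSL's `pkcs12` is not known to accept, and the p12 export would fail on such hosts. Dropping the `cut` and gating on the banner's first word keeps the flag to OpenSSL 3+, e.g. `{{ (ssl_version.stdout is match('OpenSSL ') and ssl_version.stdout.split()[1] is version('3', '>=')) | ternary('-legacy', '') }}`. The same task relies on `set -o pipefail`, which the `shell` module's default `/bin/sh` may reject unless `args: executable: bash` is set at a level not visible in this hunk, and as a read-only probe it should carry `changed_when: false`. Nothing visible reads the result of `Gather the package facts`, so that task looks removable.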
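Review bot: The added `-legacy` line (here and the identical line in the first hunk) carries no comment recording that it deliberately moves the client bundle back to the pre-3.0 PKCS#12 algorithms, which are considerably weaker than the OpenSSL 3 defaults, so the private key in the `.p12` is then protected mainly by the export password and the `umask 077` file mode. A comment above the task would keep a later maintainer from treating the flag as harmless, for example `# -legacy: OpenSSL 3 default PKCS#12 encryption breaks mobileconfig installation; legacy PBE is weak, so keep the export password strong and the file private`. The flag also needs OpenSSL's legacy provider to be loadable on the host running the task, which is worth a line in the same comment. The `pkcs12` command continues past the end of this hunk, so how the export password is passed cannot be checked from here.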