fix openssl

roles/strongswan/tasks/openssl.yml

@@ -155,10 +155,25 @@
         format: OpenSSH
       with_items: "{{ users }}"
 
+    - name: Get OpenSSL version
+    shell: |
+          set -o pipefail
+          {{ openssl_bin }} version |
+          cut -f 2 -d ' '
+    args:
+      executable: bash
+    register: ssl_version
+    run_once: true
+
+    - name: Set OpenSSL version fact
+      set_fact:
+        openssl_version: "{{ ssl_version.stdout }}"
+
     - name: Build the client's p12
       shell: >
         umask 077;
         {{ openssl_bin }} pkcs12
+        {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
         -in certs/{{ item }}.crt
         -inkey private/{{ item }}.key
         -export
@@ -175,6 +190,7 @@
       shell: >
         umask 077;
         {{ openssl_bin }} pkcs12
+        {{ (openssl_version is version('3', '>=')) | ternary('-legacy', '') }}
         -in certs/{{ item }}.crt
         -inkey private/{{ item }}.key
         -export

users.yml

@@ -27,6 +27,7 @@
               [{% for i in _configs_list.files %}
                 {% set config  = lookup('file', i.path)|from_yaml %}
                 '{{ config.server }}'
+                '{{ config.IP_subject_alt_name }}'
                 {{ ',' if not loop.last else '' }}
               {% endfor %}]