puppet-openssl

Error checking x509 extension section v3_req even with req_ext=false

Open gdlx opened this issue 4 months ago • 0 comments

I'm getting this issue when trying to create an x509 cert:

Error: Execution of '/usr/bin/openssl req -config /etc/puppetlabs/puppet/ssl/certs/myserver.domain.com.cnf -new -x509 -days 3650 -key /etc/puppetlabs/puppet/ssl/private_keys/myserver.domain.com.pem -out /etc/puppetlabs/puppet/ssl/certs/myserver.domain.com.pem -extensions v3_req' returned 1: Error checking x509 extension section v3_req

It seems to be caused by this line: https://github.com/voxpupuli/puppet-openssl/blob/master/lib/puppet/provider/x509_cert/openssl.rb#L101

The condition is different than here: https://github.com/voxpupuli/puppet-openssl/blob/master/lib/puppet/provider/x509_cert/openssl.rb#L77

And it seems to incorrectly interpret the false value (default).

Removing != :false as in line 77 fixes the issue for me.

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 8.9.0
  • Ruby: 3.1.2
  • Distribution: Debian 12
  • Module version: 4.1.0

How to reproduce (e.g. Puppet code you use)

  $fqdn = $facts['networking']['fqdn'].downcase
  $puppet_ssl_path = '/etc/puppetlabs/puppet/ssl'
  $ssl_key_path = "${puppet_ssl_path}/private_keys/${fqdn}.pem"
  $ssl_cert_path = "${puppet_ssl_path}/certs/${fqdn}.pem"
  $ssl_cfg_path = "${puppet_ssl_path}/certs/${fqdn}.cnf"

  ssl_pkey { $ssl_key_path:
    ensure => 'present',
    size   => 4096,
  }

  -> openssl::config { $ssl_cfg_path:
    ensure     => 'present',
    commonname => $fqdn,
  }

  -> x509_cert { $ssl_cert_path:
    ensure      => 'present',
    private_key => $ssl_key_path,
    template    => $ssl_cfg_path,
    days        => 3650,
    force       => true,
  }

gdlx, Oct 09 '24 01:10
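
An added illustration, not part of the issue and not the module's own code: assuming `req_ext` reaches the provider as Ruby's boolean `false` rather than the Symbol `:false`, a `!= :false` test still passes and `-extensions v3_req` is appended to the command. The helper names and the sample paths below are hypothetical.

```ruby
# Added example; hypothetical helpers, not the puppet-openssl provider.

# A condition of the kind the issue points at: compare against the Symbol :false.
# Ruby's boolean false is a different object, so `false != :false` is true.
def extension_args_buggy(req_ext)
  req_ext != :false ? ['-extensions', 'v3_req'] : []
end

# Normalise every spelling a boolean-like parameter may take to a real boolean,
# and fail loudly on anything unexpected instead of silently enabling the option.
def truthy_param?(value)
  case value
  when true, :true then true
  when false, :false, nil, :absent then false
  when String then value.strip.casecmp?('true')
  else
    raise ArgumentError, "unexpected boolean parameter: #{value.inspect}"
  end
end

def extension_args_fixed(req_ext)
  truthy_param?(req_ext) ? ['-extensions', 'v3_req'] : []
end

# Build the argument list for `openssl req`, mirroring the command in the error.
def openssl_req_args(config, key, out, days, ext_args)
  ['req', '-config', config, '-new', '-x509', '-days', days.to_s,
   '-key', key, '-out', out] + ext_args
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample paths, not taken from a real host.
  cfg = '/tmp/example.cnf'
  key = '/tmp/example.key'
  crt = '/tmp/example.pem'
  [false, :false, 'false', nil, true, :true].each do |value|
    buggy = openssl_req_args(cfg, key, crt, 3650, extension_args_buggy(value))
    fixed = openssl_req_args(cfg, key, crt, 3650, extension_args_fixed(value))
    puts format('%-8s buggy adds -extensions: %-5s fixed adds -extensions: %s',
                value.inspect, buggy.include?('-extensions'),
                fixed.include?('-extensions'))
  end
end
```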