From 0533b3d639ea4dbe34225725b6dbaf3767fefa6d Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Wed, 11 Jan 2017 03:22:43 +1100 Subject: [PATCH] Add additional information to the get_url SSL failure message. (#20025) When get_url or other functions receive an SSL failure it prints a standard message regardless of the failure. Include the actual OpenSSL message in the error message so alternative failures can be debugged. Closes: #20024 --- lib/ansible/module_utils/urls.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 3f7c4413a4..4fe8a38753 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -528,7 +528,7 @@ def RedirectHandlerFactory(follow_redirects=None, validate_certs=True): return RedirectHandler -def build_ssl_validation_error(hostname, port, paths): +def build_ssl_validation_error(hostname, port, paths, exc=None): '''Inteligently build out the SSLValidationError based on what support you have installed ''' @@ -550,7 +550,10 @@ def build_ssl_validation_error(hostname, port, paths): msg.append('You can use validate_certs=False if you do' ' not need to confirm the servers identity but this is' ' unsafe and not recommended.' - ' Paths checked for this platform: %s') + ' Paths checked for this platform: %s.') + + if exc: + msg.append('The exception msg was: %s.' % to_native(exc)) raise SSLValidationError(' '.join(msg) % (hostname, port, ", ".join(paths))) @@ -722,7 +725,8 @@ class SSLValidationHandler(urllib_request.BaseHandler): #ssl_s.unwrap() s.close() except (ssl.SSLError, CertificateError): - build_ssl_validation_error(self.hostname, self.port, paths_checked) + e = get_exception() + build_ssl_validation_error(self.hostname, self.port, paths_checked, e) except socket.error: e = get_exception() raise ConnectionError('Failed to connect to %s at port %s: %s' % (self.hostname, self.port, to_native(e)))