ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

vmware: check the SSL certification

Browse source 
If `validate_certs` is enable, we now validate the server SSL
certificate.
This commit is contained in:
Gonéri Le Bouder 2019-05-02 10:32:01 -04:00
parent 14ab205ea2
commit 23e63c9237
2 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/vmware_check_ssl_cert.yaml Normal file
View file

@ -0,0 +1,2 @@
bugfixes:
- vmware - The VMware modules now enable the SSL certificate check unless ``validate_certs`` is ``false``.

9
lib/ansible/module_utils/vmware.py
View file

@ -514,10 +514,11 @@ def connect_to_api(module, disconnect_atexit=True):
module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update ' module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update '
'python or use validate_certs=false.') 'python or use validate_certs=false.')
ssl_context = None ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
if not validate_certs and hasattr(ssl, 'SSLContext'): if validate_certs:
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.verify_mode = ssl.CERT_NONE ssl_context.check_hostname = True
ssl_context.load_default_certs()
service_instance = None service_instance = None
try: try: