1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

vmware: check the SSL certification

If `validate_certs` is enable, we now validate the server SSL
certificate.
This commit is contained in:
Gonéri Le Bouder 2019-05-02 10:32:01 -04:00
parent 14ab205ea2
commit 23e63c9237
2 changed files with 7 additions and 4 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- vmware - The VMware modules now enable the SSL certificate check unless ``validate_certs`` is ``false``.

View file

@ -514,10 +514,11 @@ def connect_to_api(module, disconnect_atexit=True):
module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update '
'python or use validate_certs=false.')
ssl_context = None
if not validate_certs and hasattr(ssl, 'SSLContext'):
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
ssl_context.verify_mode = ssl.CERT_NONE
ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
if validate_certs:
ssl_context.verify_mode = ssl.CERT_REQUIRED
ssl_context.check_hostname = True
ssl_context.load_default_certs()
service_instance = None
try: