diff --git a/changelogs/fragments/1880-fix_cobbler_system_ssl.yml b/changelogs/fragments/1880-fix_cobbler_system_ssl.yml new file mode 100644 index 0000000000..849f703130 --- /dev/null +++ b/changelogs/fragments/1880-fix_cobbler_system_ssl.yml @@ -0,0 +1,2 @@ +bugfixes: + - cobbler_sync, cobbler_system - fix SSL/TLS certificate check when ``validate_certs`` set to ``false`` (https://github.com/ansible-collections/community.general/pull/1880). diff --git a/plugins/modules/remote_management/cobbler/cobbler_sync.py b/plugins/modules/remote_management/cobbler/cobbler_sync.py index 2e5f080d80..3ce1c25564 100644 --- a/plugins/modules/remote_management/cobbler/cobbler_sync.py +++ b/plugins/modules/remote_management/cobbler/cobbler_sync.py @@ -106,12 +106,14 @@ def main(): ssl_context = None if not validate_certs: - try: # Python 2.7.9 and newer - ssl_context = ssl.create_unverified_context() - except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default - ssl._create_default_context = ssl._create_unverified_context - else: # Python 2.7.8 and older - ssl._create_default_https_context = ssl._create_unverified_https_context + try: + ssl_context = ssl._create_unverified_context() + except AttributeError: + # Legacy Python that doesn't verify HTTPS certificates by default + pass + else: + # Handle target environment that doesn't support HTTPS verification + ssl._create_default_https_context = ssl._create_unverified_context url = '{proto}://{host}:{port}/cobbler_api'.format(**module.params) if ssl_context: diff --git a/plugins/modules/remote_management/cobbler/cobbler_system.py b/plugins/modules/remote_management/cobbler/cobbler_system.py index ecabcc8e4d..504369e56a 100644 --- a/plugins/modules/remote_management/cobbler/cobbler_system.py +++ b/plugins/modules/remote_management/cobbler/cobbler_system.py @@ -229,12 +229,14 @@ def main(): ssl_context = None if not validate_certs: - try: # Python 2.7.9 and newer - ssl_context = ssl.create_unverified_context() - except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default - ssl._create_default_context = ssl._create_unverified_context - else: # Python 2.7.8 and older - ssl._create_default_https_context = ssl._create_unverified_https_context + try: + ssl_context = ssl._create_unverified_context() + except AttributeError: + # Legacy Python that doesn't verify HTTPS certificates by default + pass + else: + # Handle target environment that doesn't support HTTPS verification + ssl._create_default_https_context = ssl._create_unverified_context url = '{proto}://{host}:{port}/cobbler_api'.format(**module.params) if ssl_context: