mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Prefer the stdlib SSLContext over urllib3 context
We do not go through the effort of finding the right PROTOCOL setting if we have SSLContext in the stdlib. So we do not want to hit the code that uses PROTOCOL to set the urllib3-provided ssl context when SSLContext is available. Also, the urllib3 implementation appears to have a bug in some recent versions. Preferring the stdlib version will work around that for those with Python-2.7.9+ as well. Fixes #26235 Fixes #25402 Fixes #31998
parent
ee6ba5d590
commit
725ae96e1b
1 changed files with 9 additions and 3 deletions
|
@ -700,10 +700,13 @@ class SSLValidationHandler(urllib_request.BaseHandler):
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def _make_context(self, to_add_ca_cert_path):
|
def _make_context(self, to_add_ca_cert_path):
|
||||||
if HAS_URLLIB3_PYOPENSSLCONTEXT:
|
if HAS_SSLCONTEXT:
|
||||||
|
context = create_default_context()
|
||||||
|
elif HAS_URLLIB3_PYOPENSSLCONTEXT:
|
||||||
context = PyOpenSSLContext(PROTOCOL)
|
context = PyOpenSSLContext(PROTOCOL)
|
||||||
else:
|
else:
|
||||||
context = create_default_context()
|
raise NotImplementedError('Host libraries are too old to support creating an sslcontext')
|
||||||
|
|
||||||
if to_add_ca_cert_path:
|
if to_add_ca_cert_path:
|
||||||
context.load_verify_locations(to_add_ca_cert_path)
|
context.load_verify_locations(to_add_ca_cert_path)
|
||||||
return context
|
return context
|
||||||
|
@ -712,8 +715,11 @@ class SSLValidationHandler(urllib_request.BaseHandler):
|
||||||
tmp_ca_cert_path, to_add_ca_cert_path, paths_checked = self.get_ca_certs()
|
tmp_ca_cert_path, to_add_ca_cert_path, paths_checked = self.get_ca_certs()
|
||||||
https_proxy = os.environ.get('https_proxy')
|
https_proxy = os.environ.get('https_proxy')
|
||||||
context = None
|
context = None
|
||||||
if HAS_SSLCONTEXT or HAS_URLLIB3_PYOPENSSLCONTEXT:
|
try:
|
||||||
context = self._make_context(to_add_ca_cert_path)
|
context = self._make_context(to_add_ca_cert_path)
|
||||||
|
except Exception:
|
||||||
|
# We'll make do with no context below
|
||||||
|
pass
|
||||||
|
|
||||||
# Detect if 'no_proxy' environment variable is set and if our URL is included
|
# Detect if 'no_proxy' environment variable is set and if our URL is included
|
||||||
use_proxy = self.detect_no_proxy(req.get_full_url())
|
use_proxy = self.detect_no_proxy(req.get_full_url())
|
||||||
|
|
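Review bot: The `except Exception: pass` added around `self._make_context(to_add_ca_cert_path)` in the second hunk swallows more than the new `NotImplementedError`: a failure in `context.load_verify_locations(to_add_ca_cert_path)` or in `PyOpenSSLContext(PROTOCOL)` is now discarded as well, where before it propagated to the caller. The request then carries on with `context = None`, and the fallback path lies outside the hunk, so it cannot be confirmed from here that it validates the peer against the same CA set. Narrowing the handler to the case `_make_context` raises on purpose, `except NotImplementedError:`, keeps the old-library fallback while letting CA-loading errors surface. The enclosing method starts and ends outside the hunk.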