diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py
index 7fe36d3f47..55269210d7 100644
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@@ -778,6 +778,15 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
 proxyhandler = urllib2.ProxyHandler({})
 handlers.append(proxyhandler)
 
+ if HAS_SSLCONTEXT and not validate_certs:
+ # In 2.7.9, the default context validates certificates
+ context = SSLContext(ssl.PROTOCOL_SSLv23)
+ context.options |= ssl.OP_NO_SSLv2
+ context.options |= ssl.OP_NO_SSLv3
+ context.verify_mode = ssl.CERT_NONE
+ context.check_hostname = False
+ handlers.append(urllib2.HTTPSHandler(context=context))
+
 # pre-2.6 versions of python cannot use the custom https
 # handler, since the socket class is lacking create_connection.
 # Some python builds lack HTTPS support.
@@ -821,15 +830,6 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
 # have a timeout parameter
 urlopen_args.append(timeout)
 
- if HAS_SSLCONTEXT and not validate_certs:
- # In 2.7.9, the default context validates certificates
- context = SSLContext(ssl.PROTOCOL_SSLv23)
- context.options |= ssl.OP_NO_SSLv2
- context.options |= ssl.OP_NO_SSLv3
- context.verify_mode = ssl.CERT_NONE
- context.check_hostname = False
- urlopen_args += (None, None, None, context)
-
 r = urllib2.urlopen(*urlopen_args)
 return r
 
diff --git a/test/integration/roles/test_uri/tasks/main.yml b/test/integration/roles/test_uri/tasks/main.yml
index 2a5436bdaf..8891bff00e 100644
--- a/test/integration/roles/test_uri/tasks/main.yml
+++ b/test/integration/roles/test_uri/tasks/main.yml
@@ -122,7 +122,7 @@
 state: absent
 
 - name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no
- get_url:
+ uri:
 url: "https://www.kennethreitz.org/"
 dest: "{{ output_dir }}/kreitz.html"
 validate_certs: no
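Review bot: The added branch registers an HTTPSHandler whose context sets `verify_mode = ssl.CERT_NONE` and `check_hostname = False`, but its only comment (`# In 2.7.9, the default context validates certificates`) does not say that this leaves the peer unauthenticated; I would replace it with `# validate_certs=False: certificate and hostname checks are disabled, so the peer is unauthenticated (python >= 2.7.9 verifies by default)`. The context lines right after the addition mention a custom https handler that is presumably appended further down, outside the hunk; it is worth confirming that when both handlers end up in the opener the intended one serves https requests, since the outcome would then depend on handler order. Setting `context.check_hostname = False` before `context.verify_mode = ssl.CERT_NONE` would also keep this working if the context were ever created with hostname checking enabled. open_url's body starts and ends outside the hunk.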
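Review bot: This task only proves that `validate_certs: no` is honoured for as long as `https://www.kennethreitz.org/` keeps serving a certificate that does not match its hostname; if the site fixes its certificate the task still passes and no longer checks anything. Unless a paired task outside the hunk already asserts that the same URL fails with validation enabled, I would add one, or at least a comment such as `# relies on this host presenting a mismatched certificate`. Any `register` or assertion lines belonging to this task are outside the hunk.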