Don't pass context to urlopen, instead add it to the handlers. Fixes https://github.com/ansible/ansible-modules-core/issues/3437

lib/ansible/module_utils/urls.py

@@ -778,6 +778,15 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
         proxyhandler = urllib2.ProxyHandler({})
         handlers.append(proxyhandler)
 
+    if HAS_SSLCONTEXT and not validate_certs:
+        # In 2.7.9, the default context validates certificates
+        context = SSLContext(ssl.PROTOCOL_SSLv23)
+        context.options |= ssl.OP_NO_SSLv2
+        context.options |= ssl.OP_NO_SSLv3
+        context.verify_mode = ssl.CERT_NONE
+        context.check_hostname = False
+        handlers.append(urllib2.HTTPSHandler(context=context))
+
     # pre-2.6 versions of python cannot use the custom https
     # handler, since the socket class is lacking create_connection.
     # Some python builds lack HTTPS support.
@@ -821,15 +830,6 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
         # have a timeout parameter
         urlopen_args.append(timeout)
 
-    if HAS_SSLCONTEXT and not validate_certs:
-        # In 2.7.9, the default context validates certificates
-        context = SSLContext(ssl.PROTOCOL_SSLv23)
-        context.options |= ssl.OP_NO_SSLv2
-        context.options |= ssl.OP_NO_SSLv3
-        context.verify_mode = ssl.CERT_NONE
-        context.check_hostname = False
-        urlopen_args += (None, None, None, context)
-
     r = urllib2.urlopen(*urlopen_args)
     return r
 

test/integration/roles/test_uri/tasks/main.yml

@@ -122,7 +122,7 @@
     state: absent
 
 - name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no
-  get_url:
+  uri:
     url: "https://www.kennethreitz.org/"
     dest: "{{ output_dir }}/kreitz.html"
     validate_certs: no