From b6257f73b4a1797fdeb8f62b34c24184e3973495 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Thu, 28 May 2015 15:33:21 -0700 Subject: [PATCH] Properly flip default for verifying server cert. Add nice error messages when the cert is invalid --- lib/ansible/modules/network/basics/uri.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/ansible/modules/network/basics/uri.py b/lib/ansible/modules/network/basics/uri.py index 227a814602..84b7ee77e0 100644 --- a/lib/ansible/modules/network/basics/uri.py +++ b/lib/ansible/modules/network/basics/uri.py @@ -349,6 +349,10 @@ def uri(module, url, dest, user, password, body, body_format, method, headers, r module.fail_json(msg="The server requested a type of HMACDigest authentication that we are unfamiliar with.") except httplib2.UnimplementedHmacDigestAuthOptionError: module.fail_json(msg="The server requested a type of HMACDigest authentication that we are unfamiliar with.") + except httplib2.CertificateHostnameMismatch: + module.fail_json(msg="The server's certificate does not match with its hostname.") + except httplib2.SSLHandshakeError: + module.fail_json(msg="Unable to validate server's certificate against available CA certs.") except socket.error, e: module.fail_json(msg="Socket error: %s to %s" % (e, url)) @@ -370,7 +374,7 @@ def main(): removes = dict(required=False, default=None), status_code = dict(required=False, default=[200], type='list'), timeout = dict(required=False, default=30, type='int'), - validate_certs = dict(required=False, default=False, type='bool'), + validate_certs = dict(required=False, default=True, type='bool'), ), check_invalid_arguments=False, add_file_common_args=True