mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Changing SSL cert detection method to allow for auto-negotiation of SSL protocols

Fixes #6904
James Cammarata 2014-04-15 13:44:43 -05:00
parent 23c5f4524d
commit d240d073eb


@ -50,6 +50,7 @@ try:
except: except:
HAS_SSL=False HAS_SSL=False
import socket
import tempfile import tempfile
@ -162,12 +163,20 @@ class SSLValidationHandler(urllib2.BaseHandler):
def http_request(self, req): def http_request(self, req):
tmp_ca_cert_path, paths_checked = self.get_ca_certs() tmp_ca_cert_path, paths_checked = self.get_ca_certs()
try: try:
server_cert = ssl.get_server_certificate((self.hostname, self.port), ca_certs=tmp_ca_cert_path) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
except ssl.SSLError: ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED)
ssl_s.connect((self.hostname, self.port))
ssl_s.close()
except (ssl.SSLError, socket.error), e:
# fail if we tried all of the certs but none worked # fail if we tried all of the certs but none worked
self.module.fail_json(msg='Failed to validate the SSL certificate for %s:%s. ' % (self.hostname, self.port) + \ if 'connection refused' in str(e).lower():
'Use validate_certs=no or make sure your managed systems have a valid CA certificate installed. ' + \ self.module.fail_json(msg='Failed to connect to %s:%s.' % (self.hostname, self.port))
'Paths checked for this platform: %s' % ", ".join(paths_checked)) else:
self.module.fail_json(
msg='Failed to validate the SSL certificate for %s:%s. ' % (self.hostname, self.port) + \
'Use validate_certs=no or make sure your managed systems have a valid CA certificate installed. ' + \
'Paths checked for this platform: %s' % ", ".join(paths_checked)
)
try: try:
# cleanup the temp file created, don't worry # cleanup the temp file created, don't worry
# if it fails for some reason # if it fails for some reason
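Review bot: The probe added to http_request validates the certificate chain but never checks that the certificate was issued for self.hostname: `ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED)` does no hostname matching, so a certificate for any other name that chains to a CA in the bundle would pass. Before `ssl_s.close()`, compare the peer certificate with the requested host, for example `ssl.match_hostname(ssl_s.getpeercert(), self.hostname)` where the running Python's ssl module provides it, and report a mismatch through the same validation-failure message. The socket is also left open when `connect` raises, and the refused-connection branch depends on the exception's message text rather than its errno. The body of http_request continues past the end of this hunk, so whether the real request reuses this verified connection is not visible here.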