diff --git a/changelogs/fragments/6034-lxd-tls.yml b/changelogs/fragments/6034-lxd-tls.yml new file mode 100644 index 0000000000..975215f3e5 --- /dev/null +++ b/changelogs/fragments/6034-lxd-tls.yml @@ -0,0 +1,2 @@ +bugfixes: + - "lxd_* modules, lxd inventory plugin - fix TLS/SSL certificate validation problems by using the correct purpose when creating the TLS context (https://github.com/ansible-collections/community.general/issues/5616, https://github.com/ansible-collections/community.general/pull/6034)." diff --git a/plugins/module_utils/lxd.py b/plugins/module_utils/lxd.py index 007de4d8db..7f5362532a 100644 --- a/plugins/module_utils/lxd.py +++ b/plugins/module_utils/lxd.py @@ -60,7 +60,7 @@ class LXDClient(object): self.cert_file = cert_file self.key_file = key_file parts = generic_urlparse(urlparse(self.url)) - ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) + ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) ctx.load_cert_chain(cert_file, keyfile=key_file) self.connection = HTTPSConnection(parts.get('netloc'), context=ctx) elif url.startswith('unix:'):