From f0529dcb0e8cdc009b349da185d0238a97bfce4b Mon Sep 17 00:00:00 2001
From: Felix Fontein
Date: Sat, 25 Feb 2023 11:01:32 +0100
Subject: [PATCH] lxd plugins and modules: fix TLS/SSL context creation (#6034)

Use correct purpose.
---
 changelogs/fragments/6034-lxd-tls.yml | 2 ++
 plugins/module_utils/lxd.py | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 changelogs/fragments/6034-lxd-tls.yml

diff --git a/changelogs/fragments/6034-lxd-tls.yml b/changelogs/fragments/6034-lxd-tls.yml
new file mode 100644
index 0000000000..975215f3e5
--- /dev/null
+++ b/changelogs/fragments/6034-lxd-tls.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - "lxd_* modules, lxd inventory plugin - fix TLS/SSL certificate validation problems by using the correct purpose when creating the TLS context (https://github.com/ansible-collections/community.general/issues/5616, https://github.com/ansible-collections/community.general/pull/6034)."
diff --git a/plugins/module_utils/lxd.py b/plugins/module_utils/lxd.py
index 007de4d8db..7f5362532a 100644
--- a/plugins/module_utils/lxd.py
+++ b/plugins/module_utils/lxd.py
@@ -60,7 +60,7 @@ class LXDClient(object):
 self.cert_file = cert_file
 self.key_file = key_file
 parts = generic_urlparse(urlparse(self.url))
- ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+ ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
 ctx.load_cert_chain(cert_file, keyfile=key_file)
 self.connection = HTTPSConnection(parts.get('netloc'), context=ctx)
 elif url.startswith('unix:'):
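Review bot: The context built with `ssl.Purpose.SERVER_AUTH` just before `ctx.load_cert_chain(cert_file, keyfile=key_file)` now requires the server certificate to chain to the system trust store and to match the hostname, yet the visible lines give callers no way to supply a trust anchor for an LXD server that presents a self-signed or private-CA certificate. Under `CLIENT_AUTH` the default context did not require a peer certificate, so this is a behaviour change for such setups, and without a supported option users may end up turning verification off elsewhere. Consider accepting an optional CA or server certificate path and loading it with `ctx.load_verify_locations(cafile=<trusted_cert_path>)` (placeholder name), and add a comment on the changed line such as `# SERVER_AUTH: client-side context; verifies the server certificate and hostname`. The enclosing method starts and ends outside this hunk, so whether such an option already exists cannot be confirmed from here.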