1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

lxd plugins and modules: fix TLS/SSL context creation (#6034)

Use correct purpose.
This commit is contained in:
Felix Fontein 2023-02-25 11:01:32 +01:00 committed by GitHub
parent 682c6fc967
commit f0529dcb0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 3 additions and 1 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- "lxd_* modules, lxd inventory plugin - fix TLS/SSL certificate validation problems by using the correct purpose when creating the TLS context (https://github.com/ansible-collections/community.general/issues/5616, https://github.com/ansible-collections/community.general/pull/6034)."

View file

@ -60,7 +60,7 @@ class LXDClient(object):
self.cert_file = cert_file self.cert_file = cert_file
self.key_file = key_file self.key_file = key_file
parts = generic_urlparse(urlparse(self.url)) parts = generic_urlparse(urlparse(self.url))
ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH) ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
ctx.load_cert_chain(cert_file, keyfile=key_file) ctx.load_cert_chain(cert_file, keyfile=key_file)
self.connection = HTTPSConnection(parts.get('netloc'), context=ctx) self.connection = HTTPSConnection(parts.get('netloc'), context=ctx)
elif url.startswith('unix:'): elif url.startswith('unix:'):