From fad7935abc32c84dd46bcca29819df00273cdf59 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Thu, 25 Feb 2021 15:17:40 +0100 Subject: [PATCH] cobbler_sync cobbler_system fix TLS check when validate_certs (#1880) (#1901) Ref: https://www.python.org/dev/peps/pep-0476/ Issue #1878 add changelog fragment Co-authored-by: Nicolas Marcq (cherry picked from commit 36dea9ab97e53d20946afb7f62093cd05dd97b31) Co-authored-by: Nicolas Marcq --- .../fragments/1880-fix_cobbler_system_ssl.yml | 2 ++ .../remote_management/cobbler/cobbler_sync.py | 14 ++++++++------ .../remote_management/cobbler/cobbler_system.py | 14 ++++++++------ 3 files changed, 18 insertions(+), 12 deletions(-) create mode 100644 changelogs/fragments/1880-fix_cobbler_system_ssl.yml diff --git a/changelogs/fragments/1880-fix_cobbler_system_ssl.yml b/changelogs/fragments/1880-fix_cobbler_system_ssl.yml new file mode 100644 index 0000000000..849f703130 --- /dev/null +++ b/changelogs/fragments/1880-fix_cobbler_system_ssl.yml @@ -0,0 +1,2 @@ +bugfixes: + - cobbler_sync, cobbler_system - fix SSL/TLS certificate check when ``validate_certs`` set to ``false`` (https://github.com/ansible-collections/community.general/pull/1880). diff --git a/plugins/modules/remote_management/cobbler/cobbler_sync.py b/plugins/modules/remote_management/cobbler/cobbler_sync.py index 2e5f080d80..3ce1c25564 100644 --- a/plugins/modules/remote_management/cobbler/cobbler_sync.py +++ b/plugins/modules/remote_management/cobbler/cobbler_sync.py @@ -106,12 +106,14 @@ def main(): ssl_context = None if not validate_certs: - try: # Python 2.7.9 and newer - ssl_context = ssl.create_unverified_context() - except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default - ssl._create_default_context = ssl._create_unverified_context - else: # Python 2.7.8 and older - ssl._create_default_https_context = ssl._create_unverified_https_context + try: + ssl_context = ssl._create_unverified_context() + except AttributeError: + # Legacy Python that doesn't verify HTTPS certificates by default + pass + else: + # Handle target environment that doesn't support HTTPS verification + ssl._create_default_https_context = ssl._create_unverified_context url = '{proto}://{host}:{port}/cobbler_api'.format(**module.params) if ssl_context: diff --git a/plugins/modules/remote_management/cobbler/cobbler_system.py b/plugins/modules/remote_management/cobbler/cobbler_system.py index ecabcc8e4d..504369e56a 100644 --- a/plugins/modules/remote_management/cobbler/cobbler_system.py +++ b/plugins/modules/remote_management/cobbler/cobbler_system.py @@ -229,12 +229,14 @@ def main(): ssl_context = None if not validate_certs: - try: # Python 2.7.9 and newer - ssl_context = ssl.create_unverified_context() - except AttributeError: # Legacy Python that doesn't verify HTTPS certificates by default - ssl._create_default_context = ssl._create_unverified_context - else: # Python 2.7.8 and older - ssl._create_default_https_context = ssl._create_unverified_https_context + try: + ssl_context = ssl._create_unverified_context() + except AttributeError: + # Legacy Python that doesn't verify HTTPS certificates by default + pass + else: + # Handle target environment that doesn't support HTTPS verification + ssl._create_default_https_context = ssl._create_unverified_context url = '{proto}://{host}:{port}/cobbler_api'.format(**module.params) if ssl_context: