If `validate_certs` is enabled, we now validate the server SSL
certificate.
(cherry picked from commit 23e63c9237299dfbb9300899d6c36cbea8155bc0)
... | ... |
@@ -514,10 +514,11 @@ def connect_to_api(module, disconnect_atexit=True): |
514 | 514 |
module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update ' |
515 | 515 |
'python or use validate_certs=false.') |
516 | 516 |
|
517 |
- ssl_context = None |
|
518 |
- if not validate_certs and hasattr(ssl, 'SSLContext'): |
|
519 |
- ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) |
|
520 |
- ssl_context.verify_mode = ssl.CERT_NONE |
|
517 |
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) |
|
518 |
+ if validate_certs: |
|
519 |
+ ssl_context.verify_mode = ssl.CERT_REQUIRED |
|
520 |
+ ssl_context.check_hostname = True |
|
521 |
+ ssl_context.load_default_certs() |
|
521 | 522 |
|
522 | 523 |
service_instance = None |
523 | 524 |
try: |
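Review bot: New line 517 calls `ssl.SSLContext(...)` unconditionally, whereas the removed code guarded it with `hasattr(ssl, 'SSLContext')`; on an interpreter without `SSLContext` (the python < 2.7.9 case the error message just above refers to), a run with `validate_certs=false` would now raise AttributeError instead of connecting with `ssl_context = None`. Keeping the guard, e.g. `ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) if hasattr(ssl, 'SSLContext') else None`, preserves that path; this assumes the check above the hunk already rejects `validate_certs=true` on such interpreters, which is not visible here. The unverified path also now depends on the context's default `verify_mode` rather than an explicit `ssl.CERT_NONE`, so a comment such as `# validate_certs=false: context keeps the default CERT_NONE, server certificate is not verified` would keep the downgrade visible to readers. connect_to_api starts and continues outside the hunk, so whether `ssl_context` is passed to every connection call cannot be confirmed from here.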