
vmware: check the SSL certification

If `validate_certs` is enabled, we now validate the server SSL
certificate.

(cherry picked from commit 23e63c9237299dfbb9300899d6c36cbea8155bc0)

Gonéri Le Bouder authored on 2019/05/02 23:32:01
Showing 2 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,2 @@
0
+bugfixes:
1
+- vmware - The VMware modules now enable the SSL certificate check unless ``validate_certs`` is ``false``.
... ...
@@ -514,10 +514,11 @@ def connect_to_api(module, disconnect_atexit=True):
514 514
         module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update '
515 515
                              'python or use validate_certs=false.')
516 516
 
517
-    ssl_context = None
518
-    if not validate_certs and hasattr(ssl, 'SSLContext'):
519
-        ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
520
-        ssl_context.verify_mode = ssl.CERT_NONE
517
+    ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
518
+    if validate_certs:
519
+        ssl_context.verify_mode = ssl.CERT_REQUIRED
520
+        ssl_context.check_hostname = True
521
+        ssl_context.load_default_certs()
521 522
 
522 523
     service_instance = None
523 524
     try:
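Review bot: The unconditional `ssl.SSLContext(ssl.PROTOCOL_SSLv23)` on new line 517 drops the `hasattr(ssl, 'SSLContext')` guard that the removed code had, so on an interpreter without `SSLContext` a `validate_certs=false` run would presumably raise `AttributeError` here instead of connecting without a context as before. The `fail_json` just above suggests old Pythons are rejected only when verification is requested, but its condition is outside the hunk, so this needs confirming against the full `connect_to_api` body, which starts and continues outside the hunk. If that is the case, keep the fallback with `ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) if hasattr(ssl, 'SSLContext') else None`. The `validate_certs=false` path now relies on the context's defaults to skip verification, which deserves a comment such as `# validate_certs=false: context keeps its default CERT_NONE / check_hostname=False`. Note also that `load_default_certs()` trusts only the system CA store, so a vCenter certificate issued by a private CA will fail validation unless that CA is installed there.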