cert validation fixes - Attempt 2 (#55953)

* Attempt 2 of cert validation fixes

* Remove unused code

* Cleanup the tmp cert using atexit

* Fix linting issues

* Only add SSLValidationHandler when not HAS_SSLCONTEXT

* Catch value errors on non-PEM certs

* Only catch NotImplementedError to avoid masking issues

* set self._context even with PyOpenSSLContext for conformity

* Fix error building

* normalize how we interact with the context we create

* Remove unused code

* Address test for py3.7 message difference

* open_url should pass the ca_path through

* Account for new error in url lookup test

* Guard some code behind whether or not we are validating certs

* Make _make_context public

* Move atexit.register up to where the tmp file is created
Matt Martz
2019-05-31 15:35:26 -05:00
committed by ansibot
parent c493593b4b
commit 8bd4e2a144
7 changed files with 149 additions and 99 deletions

View File

@@ -119,7 +119,7 @@
assert:
that:
- "result is failed"
- "'Failed to validate the SSL certificate' in result.msg or ( result.msg is match('hostname .* doesn.t match .*'))"
- "'Failed to validate the SSL certificate' in result.msg or 'Hostname mismatch' in result.msg or ( result.msg is match('hostname .* doesn.t match .*'))"
- "stat_result.stat.exists == false"
- name: test https fetch to a site with mismatched hostname and certificate and validate_certs=no
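Review bot: the added `'Hostname mismatch' in result.msg` clause turns this assertion into a three-way OR over free-text error messages, so it will keep passing as long as any future wording happens to contain one of these substrings, while a reworded message that contains none of them breaks the test for the wrong reason. Consider pairing it with a structured check as the get_url test does (`result.status == -1`) so the test does not depend only on message text. Minor: `doesn.t` uses `.` to stand in for the apostrophe in `doesn't`; an escaped literal quote would make the intent obvious.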

View File

@@ -231,7 +231,7 @@
- assert:
that:
- "url_invalid_cert.failed"
- "'Error validating the server' in url_invalid_cert.msg or ( url_invalid_cert.msg is search('hostname .* doesn.t match .*'))"
- "'Error validating the server' in url_invalid_cert.msg or 'Hostname mismatch' in url_invalid_cert.msg or ( url_invalid_cert.msg is search('hostname .* doesn.t match .*'))"
- name: Test that retrieving a url with invalid cert with validate_certs=False works
set_fact:
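Review bot: this hunk uses `is search(...)` while the other two hunks use `is match(...)`; `match` anchors at the start of the string and `search` does not, so the three tests accept different messages for the same failure condition. Pick one form and use it in all three places, and since the same three-way OR is now duplicated across three test files, consider factoring the accepted patterns into a single shared variable so the next message change is a one-line edit.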

View File

@@ -103,7 +103,7 @@
assert:
that:
- result.failed == true
- "'Failed to validate the SSL certificate' in result.msg or ( result.msg is match('hostname .* doesn.t match .*'))"
- "'Failed to validate the SSL certificate' in result.msg or 'Hostname mismatch' in result.msg or (result.msg is match('hostname .* doesn.t match .*'))"
- stat_result.stat.exists == false
- result.status is defined
- result.status == -1
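Review bot: the new line drops the space after `(` that the other two hunks keep, and the surrounding context uses `result.failed == true` where the fetch test uses `result is failed`; both are trivial, but keeping the three near-identical assertions byte-for-byte aligned makes future diffs to them easier to read. The `result.status == -1` assertion in this hunk's context is what keeps this test meaningful independent of message wording; the other two files lack an equivalent structured check.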