Fallback to old ssl_wrap_socket

2025-07-22 12:50:22 -07:00 · 2017-01-06 11:03:10 -06:00 · 2017-01-06 11:03:10 -06:00 · 13ac993d25
commit 13ac993d25
parent b4b76bab14
3 changed files with 81 additions and 18 deletions
--- a/test/integration/targets/uri/tasks/main.yml
+++ b/test/integration/targets/uri/tasks/main.yml
@ -236,15 +236,13 @@
 - name: install OS packages that are needed for SNI on old python
  package:
    name: "{{ item }}"
-  with_items: "{{ uri_os_packages[ansible_os_family] | default([]) }}"
+  with_items: "{{ uri_os_packages[ansible_os_family].step1 | default([]) }}"
  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool

 - name: install python modules for Older Python SNI verification
  pip:
    name: "{{ item }}"
  with_items:
-    - urllib3
-    - PyOpenSSL
    - ndg-httpsclient
  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool

@ -262,7 +260,7 @@
      - 'sni_host in result.content'
  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool

- name: Uninstall ndg-httpsclient and urllib3
+- name: Uninstall ndg-httpsclient
  pip:
    name: "{{ item }}"
    state: absent
@ -274,7 +272,45 @@
  package:
    name: "{{ item }}"
    state: absent
-  with_items: "{{ uri_os_packages[ansible_os_family] | default([]) }}"
+  with_items: "{{ uri_os_packages[ansible_os_family].step1 | default([]) }}"
+  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
+
+- name: install OS packages that are needed for building cryptography
+  package:
+    name: "{{ item }}"
+  with_items: "{{ uri_os_packages[ansible_os_family].step2 | default([]) }}"
+  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
+
+- name: install urllib3 and pyopenssl via pip
+  pip:
+    name: "{{ item }}"
+    state: latest
+  with_items:
+    - urllib3
+    - PyOpenSSL
+  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
+
+- name: Verify SNI verification succeeds on old python with pip urllib3 contrib
+  uri:
+    url: 'https://{{ sni_host }}'
+    return_content: true
+  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
+  register: result
+
+- name: Assert SNI verification succeeds on old python with pip urllib3 contrib
+  assert:
+    that:
+      - result|success
+      - 'sni_host in result.content'
+  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool
+
+- name: Uninstall urllib3 and PyOpenSSL
+  pip:
+    name: "{{ item }}"
+    state: absent
+  with_items:
+    - urllib3
+    - PyOpenSSL
  when: not ansible_python.has_sslcontext and not is_ubuntu_precise|bool

 - name: validate the status_codes are correct
--- a/test/integration/targets/uri/vars/main.yml
+++ b/test/integration/targets/uri/vars/main.yml
@ -1,9 +1,17 @@
 uri_os_packages:
  RedHat:
-    - python-pyasn1
-    - libffi-devel
-    - openssl-devel
+    step1:
+      - python-pyasn1
+      - pyOpenSSL
+      - python-urllib3
+    step2:
+      - libffi-devel
+      - openssl-devel
  Debian:
-    - python-pyasn1
-    - libffi-dev
-    - libssl-dev
+    step1:
+      - python-pyasn1
+      - python-openssl
+      - python-urllib3
+    step2:
+      - libffi-dev
+      - libssl-dev