ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-06-08 17:29:11 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

More intelligent building of the SSLValidationError message based on capabilities

Browse source
This commit is contained in:
Matt Martz 2016-04-06 11:04:04 -05:00
parent 6e9c09d7f7
commit 398218b6ea
1 changed files with 29 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

53
lib/ansible/module_utils/urls.py
View file

@ -487,6 +487,33 @@ def RedirectHandlerFactory(follow_redirects=None, validate_certs=True):
return RedirectHandler return RedirectHandler
def build_ssl_validation_error(hostname, port, paths):
'''Inteligently build out the SSLValidationError based on what support
you have installed
'''
msg = [
('Failed to validate the SSL certificate for %s:%s.'
' Make sure your managed systems have a valid CA'
' certificate installed.')
]
if not HAS_SSLCONTEXT:
msg.append('If the website serving the url uses SNI you need'
' python >= 2.7.9 on your managed machine')
if not HAS_URLLIB3_SNI_SUPPORT:
msg.append('or you can install the `urllib3`, `pyopenssl`,'
' `ndg-httpsclient`, and `pyasn1` python modules')
msg.append('to perform SNI verification in python >= 2.6.')
msg.append('You can use validate_certs=False if you do'
' not need to confirm the servers identity but this is'
' unsafe and not recommended.'
' Paths checked for this platform: %s')
raise SSLValidationError(' '.join(msg) % (hostname, port, ", ".join(paths)))
class SSLValidationHandler(urllib2.BaseHandler): class SSLValidationHandler(urllib2.BaseHandler):
''' '''
A custom handler class for SSL validation. A custom handler class for SSL validation.
@ -642,31 +669,9 @@ class SSLValidationHandler(urllib2.BaseHandler):
if 'connection refused' in str(e).lower(): if 'connection refused' in str(e).lower():
raise ConnectionError('Failed to connect to %s:%s.' % (self.hostname, self.port)) raise ConnectionError('Failed to connect to %s:%s.' % (self.hostname, self.port))
else: else:
raise SSLValidationError('Failed to validate the SSL certificate for %s:%s.' build_ssl_validation_error(self.hostname, self.port, paths_checked)
' Make sure your managed systems have a valid CA'
' certificate installed. If the website serving the url'
' uses SNI you need python >= 2.7.9 on your managed'
' machine or you can install `urllib3`, `pyopenssl`,'
' `ndg-httpsclient`, and `pyasn1` to perform SNI'
' verification in python >= 2.6. You can use'
' validate_certs=False if you do'
' not need to confirm the server\s identity but this is'
' unsafe and not recommended'
' Paths checked for this platform: %s' % (self.hostname, self.port, ", ".join(paths_checked))
)
except CertificateError: except CertificateError:
raise SSLValidationError('Failed to validate the SSL certificate for %s:%s.' build_ssl_validation_error(self.hostname, self.port, paths_checked)
' Make sure your managed systems have a valid CA'
' certificate installed. If the website serving the url'
' uses SNI you need python >= 2.7.9 on your managed'
' machine or you can install `urllib3`, `pyopenssl`,'
' `ndg-httpsclient`, and `pyasn1` to perform SNI'
' verification in python >= 2.6. You can use'
' validate_certs=False if you do'
' not need to confirm the server\s identity but this is'
' unsafe and not recommended'
' Paths checked for this platform: %s' % (self.hostname, self.port, ", ".join(paths_checked))
)
try: try:
# cleanup the temp file created, don't worry # cleanup the temp file created, don't worry