authorBrian Coca <bcoca@ansible.com>2015-01-19 08:36:17 -0500
committerBrian Coca <bcoca@ansible.com>2015-01-19 08:36:17 -0500
commit78e1a7ed9361fe2d105bd3aa99470fcd35064281 (patch)
tree147ed0291a061cdfcc5cb83bc45e34748740300a
parent566a8d1b9dd3827e4a573940ca74df21d2cb2095 (diff)
Revert "Fix: Add support for SSL protocol version configuration option"revert-9808-sslconfig
-rw-r--r--examples/ansible.cfg9
-rw-r--r--lib/ansible/constants.py1
-rw-r--r--lib/ansible/module_utils/urls.py8
-rw-r--r--v2/ansible/constants.py1
4 files changed, 4 insertions, 15 deletions
diff --git a/examples/ansible.cfg b/examples/ansible.cfg
index 1426047345..150c726235 100644
--- a/examples/ansible.cfg
+++ b/examples/ansible.cfg
@@ -212,12 +212,3 @@ accelerate_daemon_timeout = 30
# is "no".
#accelerate_multi_key = yes
-[ssl]
-# SSL/TLS Protocol
-# Configure the default protocol strength of any SSL/TLS connections
-# made by Ansible. Valid values are
-# SSLv2 - 0
-# SSLv3 - 1
-# SSLv23 - 2
-# TLSv1 - 3
-ssl_protocol = 3
diff --git a/lib/ansible/constants.py b/lib/ansible/constants.py
index b4b2ff5618..861dd5325c 100644
--- a/lib/ansible/constants.py
+++ b/lib/ansible/constants.py
@@ -166,7 +166,6 @@ ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'AN
ANSIBLE_SSH_CONTROL_PATH = get_config(p, 'ssh_connection', 'control_path', 'ANSIBLE_SSH_CONTROL_PATH', "%(directory)s/ansible-ssh-%%h-%%p-%%r")
ANSIBLE_SSH_PIPELINING = get_config(p, 'ssh_connection', 'pipelining', 'ANSIBLE_SSH_PIPELINING', False, boolean=True)
PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
-SSL_PROTOCOL = get_config(p, 'ssl', 'ssl_protocol', 'SSL_PROTOCOL', 3, integer=True)
# obsolete -- will be formally removed in 1.6
ZEROMQ_PORT = get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099, integer=True)
ACCELERATE_PORT = get_config(p, 'accelerate', 'accelerate_port', 'ACCELERATE_PORT', 5099, integer=True)
diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py
index ba49c9038c..962b868ee0 100644
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@@ -55,7 +55,7 @@ import os
import re
import socket
import tempfile
-from ansible import constants as C
+
# This is a dummy cacert provided for Mac OS since you need at least 1
# ca cert, regardless of validity, for Python on Mac OS to use the
@@ -91,7 +91,7 @@ class CustomHTTPSConnection(httplib.HTTPSConnection):
if self._tunnel_host:
self.sock = sock
self._tunnel()
- self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=C.SSL_PROTOCOL)
+ self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)
class CustomHTTPSHandler(urllib2.HTTPSHandler):
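Review bot: The restored `ssl_version=ssl.PROTOCOL_TLSv1` on the `ssl.wrap_socket` call in CustomHTTPSConnection pins this connection to exactly TLS 1.0, while the two `ssl.wrap_socket` calls in the SSLValidationHandler hunk (@@ -292) now pass no `ssl_version` and so fall back to the ssl module's default, which negotiates the version. The certificate-checking handshake (`cert_reqs=ssl.CERT_REQUIRED`) and this connection, which passes neither `cert_reqs` nor `ca_certs`, can therefore run under different protocol settings. A server can pass one and fail the other, and the pin also rules out anything newer than TLS 1.0 here. I would route all three call sites through one module-level constant and document the choice next to it, for example `# protocol used for both the validation probe and the real connection; keep them identical`. The enclosing method starts outside this hunk, so whether verification for this socket happens elsewhere cannot be confirmed from here.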
@@ -292,12 +292,12 @@ class SSLValidationHandler(urllib2.BaseHandler):
s.sendall('\r\n')
connect_result = s.recv(4096)
self.validate_proxy_response(connect_result)
- ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED, ssl_version=C.SSL_PROTOCOL)
+ ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED)
else:
self.module.fail_json(msg='Unsupported proxy scheme: %s. Currently ansible only supports HTTP proxies.' % proxy_parts.get('scheme'))
else:
s.connect((self.hostname, self.port))
- ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED, ssl_version=C.SSL_PROTOCOL)
+ ssl_s = ssl.wrap_socket(s, ca_certs=tmp_ca_cert_path, cert_reqs=ssl.CERT_REQUIRED)
# close the ssl connection
#ssl_s.unwrap()
s.close()
diff --git a/v2/ansible/constants.py b/v2/ansible/constants.py
index 21bf0e299e..6adcdd0a9f 100644
--- a/v2/ansible/constants.py
+++ b/v2/ansible/constants.py
@@ -173,7 +173,6 @@ ANSIBLE_SSH_ARGS = get_config(p, 'ssh_connection', 'ssh_args', 'AN
ANSIBLE_SSH_CONTROL_PATH = get_config(p, 'ssh_connection', 'control_path', 'ANSIBLE_SSH_CONTROL_PATH', "%(directory)s/ansible-ssh-%%h-%%p-%%r")
ANSIBLE_SSH_PIPELINING = get_config(p, 'ssh_connection', 'pipelining', 'ANSIBLE_SSH_PIPELINING', False, boolean=True)
PARAMIKO_RECORD_HOST_KEYS = get_config(p, 'paramiko_connection', 'record_host_keys', 'ANSIBLE_PARAMIKO_RECORD_HOST_KEYS', True, boolean=True)
-SSL_PROTOCOL = get_config(p, 'ssl', 'ssl_protocol', 'SSL_PROTOCOL', 3, integer=True)
# obsolete -- will be formally removed in 1.6
ZEROMQ_PORT = get_config(p, 'fireball_connection', 'zeromq_port', 'ANSIBLE_ZEROMQ_PORT', 5099, integer=True)
ACCELERATE_PORT = get_config(p, 'accelerate', 'accelerate_port', 'ACCELERATE_PORT', 5099, integer=True)