diff options
| author | Yanis Guenane <yguenane@gmail.com> | 2018-05-25 19:50:19 +0200 |
|---|---|---|
| committer | Adam Miller <admiller@redhat.com> | 2018-05-25 12:50:19 -0500 |
| commit | 496d10f7a894214e74a3057a53853b7baaa8e89f (patch) | |
| tree | 6990bcf745109a924ffb90a4c464797a19491e72 | |
| parent | bc2430694c152311eb7768227ab9ce54a1c99715 (diff) | |
| download | ansible-496d10f7a894214e74a3057a53853b7baaa8e89f.tar.gz | |
Remove support for SSLv2 in test suite when not defined. (#39183)
When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check.
Test is run on a machine using openssl 1.1.0g. By reading the openssl
man page[1], one can see that support for SSLv2 has been removed.
> Support for SSLv2 and the corresponding SSLv2_method(),
> SSLv2_server_method() and SSLv2_client_method() functions where removed
> in OpenSSL 1.1.0.
>
> SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
> deprecated and the preferred TLS_method(), TLS_server_method() and
> TLS_client_method() functions were introduced in OpenSSL 1.1.0.
Hence this commit remove the uses of this flag when it is not defined.
[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
| -rw-r--r-- | lib/ansible/module_utils/urls.py | 3 | ||||
| -rw-r--r-- | test/units/module_utils/urls/test_open_url.py | 3 |
2 files changed, 4 insertions, 2 deletions
diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 26af6f2d70..c0658d67a2 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -893,7 +893,8 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True, if HAS_SSLCONTEXT and not validate_certs: # In 2.7.9, the default context validates certificates context = SSLContext(ssl.PROTOCOL_SSLv23) - context.options |= ssl.OP_NO_SSLv2 + if ssl.OP_NO_SSLv2: + context.options |= ssl.OP_NO_SSLv2 context.options |= ssl.OP_NO_SSLv3 context.verify_mode = ssl.CERT_NONE context.check_hostname = False diff --git a/test/units/module_utils/urls/test_open_url.py b/test/units/module_utils/urls/test_open_url.py index 7d6aabb1db..9185b62a6f 100644 --- a/test/units/module_utils/urls/test_open_url.py +++ b/test/units/module_utils/urls/test_open_url.py @@ -217,7 +217,8 @@ def test_open_url_no_validate_certs(urlopen_mock, install_opener_mock): assert ssl_handler is not None context = ssl_handler._context assert context.protocol == ssl.PROTOCOL_SSLv23 - assert context.options & ssl.OP_NO_SSLv2 + if ssl.OP_NO_SSLv2: + assert context.options & ssl.OP_NO_SSLv2 assert context.options & ssl.OP_NO_SSLv3 assert context.verify_mode == ssl.CERT_NONE assert context.check_hostname is False |