authorGonéri Le Bouder <goneri@lebouder.net>2019-05-02 10:32:01 -0400
committerMatt Clay <matt@mystile.com>2019-05-09 12:40:56 -0700
commit543bfbbe7f36a5756c44aa2ffc7c251a8f47c4cb (patch)
treeb7817e50f6cb23998ef3185de69f514d0a05b2ab /lib
parent5a6b9267445a3035c3381ca26f820f384bb3d626 (diff)
downloadansible-543bfbbe7f36a5756c44aa2ffc7c251a8f47c4cb.tar.gz
vmware: check the SSL certification
If `validate_certs` is enabled, we now validate the server SSL certificate. (cherry picked from commit 23e63c9237299dfbb9300899d6c36cbea8155bc0)
Diffstat (limited to 'lib')
-rw-r--r--lib/ansible/module_utils/vmware.py9
1 files changed, 5 insertions, 4 deletions
diff --git a/lib/ansible/module_utils/vmware.py b/lib/ansible/module_utils/vmware.py
index 5722b77279..9d5b08239e 100644
--- a/lib/ansible/module_utils/vmware.py
+++ b/lib/ansible/module_utils/vmware.py
@@ -514,10 +514,11 @@ def connect_to_api(module, disconnect_atexit=True):
module.fail_json(msg='pyVim does not support changing verification mode with python < 2.7.9. Either update '
'python or use validate_certs=false.')
- ssl_context = None
- if not validate_certs and hasattr(ssl, 'SSLContext'):
- ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- ssl_context.verify_mode = ssl.CERT_NONE
+ ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ if validate_certs:
+ ssl_context.verify_mode = ssl.CERT_REQUIRED
+ ssl_context.check_hostname = True
+ ssl_context.load_default_certs()
service_instance = None
try:
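Review bot: The unconditional `ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)` drops the `hasattr(ssl, 'SSLContext')` guard that the removed lines had, so on an interpreter without `ssl.SSLContext` a run with `validate_certs=false` would now raise AttributeError instead of connecting with `ssl_context = None`. The failure message in the context lines above still tells such users to set `validate_certs=false`, which suggests (the condition itself is outside the hunk) that this path is meant to stay usable. I would keep `ssl_context = None` as the default and build the context only under `if hasattr(ssl, 'SSLContext'):`, with the `validate_certs` branch nested inside it. It would also help to spell out the unverified case with `ssl_context.verify_mode = ssl.CERT_NONE` in an `else:` rather than relying on the constructor default, so both modes are visible to the reader. The body of connect_to_api starts and ends outside this hunk.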