From 06c7b87613cc24b100a10074746d39e934eccfa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= Date: Thu, 30 May 2019 11:17:14 -0400 Subject: [PATCH] vmware_inventory: do not ignore validate_certs Python 2.7.9 < does not have the `ssl.SSLContext` attribute. If `validate_certs` is `True`, we cannot validate the SSL connection, and we need to raise an error. --- contrib/inventory/vmware_inventory.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/contrib/inventory/vmware_inventory.py b/contrib/inventory/vmware_inventory.py index e6407bcbce6..183b9a19b0e 100755 --- a/contrib/inventory/vmware_inventory.py +++ b/contrib/inventory/vmware_inventory.py @@ -344,10 +344,22 @@ class VMWareInventory(object): 'pwd': self.password, 'port': int(self.port)} - if hasattr(ssl, 'SSLContext') and not self.validate_certs: + if self.validate_certs and hasattr(ssl, 'SSLContext'): + context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + context.verify_mode = ssl.CERT_REQUIRED + context.check_hostname = True + kwargs['sslContext'] = context + elif self.validate_certs and not hasattr(ssl, 'SSLContext'): + sys.exit('pyVim does not support changing verification mode with python < 2.7.9. Either update ' + 'python or use validate_certs=false.') + elif not self.validate_certs and hasattr(ssl, 'SSLContext'): context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) context.verify_mode = ssl.CERT_NONE + context.check_hostname = False kwargs['sslContext'] = context + elif not self.validate_certs and not hasattr(ssl, 'SSLContext'): + # Python 2.7.9 < or RHEL/CentOS 7.4 < + pass return self._get_instances(kwargs)