From 2c7d58abe046e08a7b082e63d5699b7f2206ea6c Mon Sep 17 00:00:00 2001
From: James Cammarata <jimi@sngx.net>
Date: Wed, 12 Mar 2014 13:44:24 -0500
Subject: [PATCH] Compile ca certs into a temp file to reduce number of
 attempts

For those who may have a large number of certs found, this can reduce
the number of ssl connections attempted.
---
 lib/ansible/module_utils/urls.py | 37 +++++++++++++++++++++-----------
 1 file changed, 24 insertions(+), 13 deletions(-)

diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py
index 9f15d17f718..053dfc041c8 100644
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@@ -50,6 +50,7 @@ try:
 except:
     HAS_SSL=False
 
+import tempfile
 
 class RequestWithMethod(urllib2.Request):
     '''
@@ -109,32 +110,42 @@ class SSLValidationHandler(urllib2.BaseHandler):
         # location if the OS platform one is not available
         paths_checked.append('/etc/ansible')
 
+        tmp_fd, tmp_path = tempfile.mkstemp()
+
+        # for all of the paths, find any  .crt or .pem files
+        # and compile them into single temp file for use
+        # in the ssl check to speed up the test
         for path in paths_checked:
             if os.path.exists(path) and os.path.isdir(path):
                 dir_contents = os.listdir(path)
                 for f in dir_contents:
                     full_path = os.path.join(path, f)
                     if os.path.isfile(full_path) and os.path.splitext(f)[1] in ('.crt','.pem'):
-                        ca_certs.append(full_path)
+                        try:
+                            cert_file = open(full_path, 'r')
+                            os.write(tmp_fd, cert_file.read())
+                            cert_file.close()
+                        except:
+                            pass
 
-        return (ca_certs, paths_checked)
+        return (tmp_path, paths_checked)
 
     def http_request(self, req):
-        ca_certs, paths_checked = self.get_ca_certs()
-        if len(ca_certs) > 0:
-            for ca_cert in ca_certs:
-                try:
-                    server_cert = ssl.get_server_certificate((self.hostname, self.port), ca_certs=ca_cert)
-                    return req
-                except ssl.SSLError:
-                    # try the next one
-                    pass
+        tmp_ca_cert_path, paths_checked = self.get_ca_certs()
+        try:
+            server_cert = ssl.get_server_certificate((self.hostname, self.port), ca_certs=tmp_ca_cert_path)
+        except ssl.SSLError:
             # fail if we tried all of the certs but none worked
             self.module.fail_json(msg='Failed to validate the SSL certificate for %s:%s. ' % (self.hostname, self.port) + \
                                       'Use validate_certs=no or make sure your managed systems have a valid CA certificate installed. ' + \
                                       'Paths checked for this platform: %s' % ", ".join(paths_checked))
-        # if no CA certs were found, we just fall through
-        # to here and return the request with no SSL validation
+        try:
+            # cleanup the temp file created, don't worry
+            # if it fails for some reason
+            os.remove(tmp_ca_cert_path)
+        except:
+            pass
+
         return req
 
     https_request = http_request