From 3b5aa8bd30a3fa84eca6141a434274b1455c591b Mon Sep 17 00:00:00 2001
From: Matt Martz
Date: Tue, 18 Mar 2014 17:16:44 -0500
Subject: [PATCH 1/2] Provide a dummy ca to allow OS X to do it's OpenSSL keychain magic
---
lib/ansible/module_utils/urls.py | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py
index 41b1135855f..2eb26bfd6a2 100644
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@@ -52,6 +52,31 @@ except: import tempfile + +# This is a dummy cacert provided for Mac OS since you need at least 1 +# ca cert, regardless of validity, for Python on Mac OS to use the +# keychain functionality in OpenSSL for validating SSL certificates. +# See: http://mercurial.selenic.com/wiki/CACertificates#Mac_OS_X_10.6_and_higher +DUMMY_CA_CERT = """-----BEGIN CERTIFICATE----- +MIICvDCCAiWgAwIBAgIJAO8E12S7/qEpMA0GCSqGSIb3DQEBBQUAMEkxCzAJBgNV +BAYTAlVTMRcwFQYDVQQIEw5Ob3J0aCBDYXJvbGluYTEPMA0GA1UEBxMGRHVyaGFt +MRAwDgYDVQQKEwdBbnNpYmxlMB4XDTE0MDMxODIyMDAyMloXDTI0MDMxNTIyMDAy +MlowSTELMAkGA1UEBhMCVVMxFzAVBgNVBAgTDk5vcnRoIENhcm9saW5hMQ8wDQYD +VQQHEwZEdXJoYW0xEDAOBgNVBAoTB0Fuc2libGUwgZ8wDQYJKoZIhvcNAQEBBQAD +gY0AMIGJAoGBANtvpPq3IlNlRbCHhZAcP6WCzhc5RbsDqyh1zrkmLi0GwcQ3z/r9 +gaWfQBYhHpobK2Tiq11TfraHeNB3/VfNImjZcGpN8Fl3MWwu7LfVkJy3gNNnxkA1 +4Go0/LmIvRFHhbzgfuo9NFgjPmmab9eqXJceqZIlz2C8xA7EeG7ku0+vAgMBAAGj +gaswgagwHQYDVR0OBBYEFPnN1nPRqNDXGlCqCvdZchRNi/FaMHkGA1UdIwRyMHCA +FPnN1nPRqNDXGlCqCvdZchRNi/FaoU2kSzBJMQswCQYDVQQGEwJVUzEXMBUGA1UE +CBMOTm9ydGggQ2Fyb2xpbmExDzANBgNVBAcTBkR1cmhhbTEQMA4GA1UEChMHQW5z +aWJsZYIJAO8E12S7/qEpMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEA +MUB80IR6knq9K/tY+hvPsZer6eFMzO3JGkRFBh2kn6JdMDnhYGX7AXVHGflrwNQH +qFy+aenWXsC0ZvrikFxbQnX8GVtDADtVznxOi7XzFw7JOxdsVrpXgSN0eh0aMzvV +zKPZsZ2miVGclicJHzm5q080b1p/sZtuKIEZk6vZqEg= +-----END CERTIFICATE----- +""" + + class RequestWithMethod(urllib2.Request): ''' Workaround for using DELETE/PUT/etc with urllib2 @@ -112,6 +137,9 @@ class SSLValidationHandler(urllib2.BaseHandler): tmp_fd, tmp_path = tempfile.mkstemp() + # Write the dummy ca cert + os.write(tmp_fd, DUMMY_CA_CERT) + # for all of the paths, find any .crt or .pem files # and compile them into single temp file for use # in the ssl check to speed up the test From 1d3d73a0b643a630a751ad0acc59b0f6a430b95b Mon Sep 17 00:00:00 2001 
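Review bot: DUMMY_CA_CERT stops being a harmless placeholder once the second hunk (`os.write(tmp_fd, DUMMY_CA_CERT)`) puts it at the top of the temp file that SSLValidationHandler compiles "for use in the ssl check": any certificate in that file is a trust anchor for a TLS stack that honours the file, and the comment's "regardless of validity" does not address that. The PEM appears to be a self-signed CA certificate with a multi-year validity window (inferred from its encoded fields, not verified here), so whoever holds the matching private key could in principle issue certificates these hosts would accept. The comment above the constant should record how that key was handled, for example `# The private key for this certificate was discarded when it was generated; it is a placeholder, not a trust anchor.` if that is true, and an already-expired or non-CA certificate would be a safer placeholder if OS X accepts one. The write sits in a method of SSLValidationHandler whose body starts and ends outside the hunk.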
From: Matt Martz Date: Wed, 19 Mar 2014 09:01:13 -0500 Subject: [PATCH 2/2] Only write the DUMMY_CA_CERT on OS X --- lib/ansible/module_utils/urls.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 2eb26bfd6a2..e02f171aee4 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -137,8 +137,9 @@ class SSLValidationHandler(urllib2.BaseHandler): tmp_fd, tmp_path = tempfile.mkstemp() - # Write the dummy ca cert - os.write(tmp_fd, DUMMY_CA_CERT) + # Write the dummy ca cert if we are running on Mac OS X + if platform == 'Darwin': + os.write(tmp_fd, DUMMY_CA_CERT) # for all of the paths, find any .crt or .pem files # and compile them into single temp file for use