From 496d10f7a894214e74a3057a53853b7baaa8e89f Mon Sep 17 00:00:00 2001
From: Yanis Guenane <yguenane@gmail.com>
Date: Fri, 25 May 2018 19:50:19 +0200
Subject: [PATCH] Remove support for SSLv2 in test suite when not defined.
 (#39183)

When running the test test/units/module_utils/urls/test_open_url.py
test_open_url_no_validate_certs, the test fails because of the SSLv2
check.

Test is run on a machine using openssl 1.1.0g. By reading the openssl
man page[1], one can see that support for SSLv2 has been removed.

> Support for SSLv2 and the corresponding SSLv2_method(),
> SSLv2_server_method() and SSLv2_client_method() functions where removed
> in OpenSSL 1.1.0.
>
> SSLv23_method(), SSLv23_server_method() and SSLv23_client_method() were
> deprecated and the preferred TLS_method(), TLS_server_method() and
> TLS_client_method() functions were introduced in OpenSSL 1.1.0.

Hence this commit remove the uses of this flag when it is not defined.

[1] https://www.openssl.org/docs/man1.1.0/ssl/SSLv23_method.html
---
 lib/ansible/module_utils/urls.py              | 3 ++-
 test/units/module_utils/urls/test_open_url.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py
index 26af6f2d707..c0658d67a22 100644
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@@ -893,7 +893,8 @@ def open_url(url, data=None, headers=None, method=None, use_proxy=True,
     if HAS_SSLCONTEXT and not validate_certs:
         # In 2.7.9, the default context validates certificates
         context = SSLContext(ssl.PROTOCOL_SSLv23)
-        context.options |= ssl.OP_NO_SSLv2
+        if ssl.OP_NO_SSLv2:
+            context.options |= ssl.OP_NO_SSLv2
         context.options |= ssl.OP_NO_SSLv3
         context.verify_mode = ssl.CERT_NONE
         context.check_hostname = False
diff --git a/test/units/module_utils/urls/test_open_url.py b/test/units/module_utils/urls/test_open_url.py
index 7d6aabb1dba..9185b62a6f1 100644
--- a/test/units/module_utils/urls/test_open_url.py
+++ b/test/units/module_utils/urls/test_open_url.py
@@ -217,7 +217,8 @@ def test_open_url_no_validate_certs(urlopen_mock, install_opener_mock):
     assert ssl_handler is not None
     context = ssl_handler._context
     assert context.protocol == ssl.PROTOCOL_SSLv23
-    assert context.options & ssl.OP_NO_SSLv2
+    if ssl.OP_NO_SSLv2:
+        assert context.options & ssl.OP_NO_SSLv2
     assert context.options & ssl.OP_NO_SSLv3
     assert context.verify_mode == ssl.CERT_NONE
     assert context.check_hostname is False