@ -311,6 +322,9 @@ class SSLValidationHandler(urllib2.BaseHandler):
'Use validate_certs=no or make sure your managed systems have a valid CA certificate installed. '+ \
'Paths checked for this platform: %s'%", ".join(paths_checked)
)
exceptCertificateError:
self.module.fail_json(msg="SSL Certificate does not belong to %s. Make sure the url has a certificate that belongs to it or use validate_certs=no (insecure)"%self.hostname)
# FIXME: change the following to use the generic_urlparse function
# to remove the indexed references for 'parsed'
parsed=urlparse.urlparse(url)
ifparsed[0]=='https':
ifnotHAS_SSLandvalidate_certs:
ifparsed[0]=='https'andvalidate_certs:
ifnotHAS_SSL:
ifdistribution=='Redhat':
module.fail_json(msg='SSL validation is not available in your version of python. You can use validate_certs=no, however this is unsafe and not recommended. You can also install python-ssl from EPEL')
else:
module.fail_json(msg='SSL validation is not available in your version of python. You can use validate_certs=no, however this is unsafe and not recommended')
ifnotHAS_MATCH_HOSTNAME:
module.fail_json(msg='Available SSL validation does not check that the certificate matches the hostname. You can install backports.ssl_match_hostname or update your managed machine to python-2.7.9 or newer. You could also use validate_certs=no, however this is unsafe and not recommended')