Fix get_url tests in light of distros backporting SNI support

test/integration/roles/test_get_url/tasks/main.yml

@@ -16,6 +16,21 @@
 # You should have received a copy of the GNU General Public License
 # along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
 
+- name: Determine if python looks like it will support modern ssl features like SNI
+  command: python -c 'from ssl import SSLContext'
+  ignore_errors: True
+  register: python_test
+
+- name: Set python_has_sslcontext if we have it
+  set_fact:
+    python_has_ssl_context: True
+  when: python_test.rc == 0
+
+- name: Set python_has_sslcontext False if we don't have it
+  set_fact:
+    python_has_ssl_context: False
+  when: python_test.rc != 0
+
 - name: test https fetch
   get_url: url="https://raw.githubusercontent.com/ansible/ansible/devel/README.md" dest={{output_dir}}/get_url.txt force=yes
   register: result
@@ -74,7 +89,7 @@
 
 - command: "grep 'sent the following TLS server name indication extension' {{ output_dir}}/sni.html"
   register: data_result
-  when: "{{ ansible_python_version | version_compare('2.7.9', '>=') }}"
+  when: "{{ python_has_ssl_context }}"
 
 # If distros start backporting SNI, can make a new conditional based on whether this works:
 # python -c 'from ssl import SSLContext'
@@ -84,11 +99,11 @@
     that:
       - 'data_result.rc == 0'
       - '"failed" not in get_url_result'
-  when: "{{ ansible_python_version | version_compare('2.7.9', '>=') }}"
+  when: "{{ python_has_ssl_context }}"
 
 # If the client doesn't support SNI then get_url should have failed with a certificate mismatch
 - name: Assert that hostname verification failed because SNI is not supported on this version of python
   assert:
     that:
       - 'get_url_result["failed"]'
-  when: "{{ ansible_python_version | version_compare('2.7.9', '<') }}"
+  when: "{{ not python_has_ssl_context }}"