Fix get_url tests in light of distros backporting SNI support

pull/13639/head
Toshio Kuratomi 9 years ago
parent 3057fc1753
commit c5eda277ac

@ -16,6 +16,21 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>. # along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Determine if python looks like it will support modern ssl features like SNI
command: python -c 'from ssl import SSLContext'
ignore_errors: True
register: python_test
- name: Set python_has_sslcontext if we have it
set_fact:
python_has_ssl_context: True
when: python_test.rc == 0
- name: Set python_has_sslcontext False if we don't have it
set_fact:
python_has_ssl_context: False
when: python_test.rc != 0
- name: test https fetch - name: test https fetch
get_url: url="https://raw.githubusercontent.com/ansible/ansible/devel/README.md" dest={{output_dir}}/get_url.txt force=yes get_url: url="https://raw.githubusercontent.com/ansible/ansible/devel/README.md" dest={{output_dir}}/get_url.txt force=yes
register: result register: result
@ -74,7 +89,7 @@
- command: "grep 'sent the following TLS server name indication extension' {{ output_dir}}/sni.html" - command: "grep 'sent the following TLS server name indication extension' {{ output_dir}}/sni.html"
register: data_result register: data_result
when: "{{ ansible_python_version | version_compare('2.7.9', '>=') }}" when: "{{ python_has_ssl_context }}"
# If distros start backporting SNI, can make a new conditional based on whether this works: # If distros start backporting SNI, can make a new conditional based on whether this works:
# python -c 'from ssl import SSLContext' # python -c 'from ssl import SSLContext'
@ -84,11 +99,11 @@
that: that:
- 'data_result.rc == 0' - 'data_result.rc == 0'
- '"failed" not in get_url_result' - '"failed" not in get_url_result'
when: "{{ ansible_python_version | version_compare('2.7.9', '>=') }}" when: "{{ python_has_ssl_context }}"
# If the client doesn't support SNI then get_url should have failed with a certificate mismatch # If the client doesn't support SNI then get_url should have failed with a certificate mismatch
- name: Assert that hostname verification failed because SNI is not supported on this version of python - name: Assert that hostname verification failed because SNI is not supported on this version of python
assert: assert:
that: that:
- 'get_url_result["failed"]' - 'get_url_result["failed"]'
when: "{{ ansible_python_version | version_compare('2.7.9', '<') }}" when: "{{ not python_has_ssl_context }}"

Loading…
Cancel
Save