Toshio Kuratomi
8ee3b7384d
Guard the PROTOCOL setting so that we work on older pythons
2015-07-24 15:07:02 -07:00
Toshio Kuratomi
3d3e1c82a2
Have openssl autonegotiate tls protocol on python < 2.7.9
...
This allows usage of tls-1.1 and tls-1.2 if the underlying openssl
library supports it. Unfortunately it also allows sslv2 and sslv3 if
the server is only configured to support those. In this day and age,
that's probably something that the server administrator should fix
anyhow.
2015-07-15 13:17:00 -07:00
Toshio Kuratomi
327b1676a8
Add support for SNI and TLS-1.1 and TLS-1.2 to the fetch_url() helper
...
Fixes #1716
Fixes #1695
2015-07-14 12:48:35 -07:00
Iiro Uusitalo
4e7542af37
Merge upstream changes
2015-07-10 08:44:20 +03:00
Iiro Uusitalo
403f4881ee
Enables 'basic auth force' -feature globally
2015-07-09 23:11:52 +03:00
Toshio Kuratomi
9911a947ed
Vendorize match_hostname code so that ansible can push it out to clients along with the code that uses it.
2015-06-25 08:17:58 -07:00
Toshio Kuratomi
a1a7d6c462
Fix forwarding the user-given params from fetch_url() to open_url()
2015-06-23 15:17:26 -07:00
Toshio Kuratomi
4161d78a94
Split the fetch_url() function into fetch_url and open_url().
...
open_url() is suitable for use outside of a module environment. Will
let us use open_url to do SSL cert verification in other, non-module
code.
2015-06-12 12:54:56 -07:00
Toshio Kuratomi
afc19894e1
Make fetch_url check the server's certificate on https connections
2015-05-28 13:20:40 -07:00
Simon Dick
6e65ccabc3
Allow the use of HTTP on custom ports in the fetch_url function
2015-05-01 13:52:29 +01:00
Brian Coca
78e1a7ed93
Revert "Fix: Add support for SSL protocol version configuration option"
2015-01-19 08:36:17 -05:00
Brian Coca
9ccabbb95e
Merge pull request #9808 from swimlappy/sslconfig
...
Fix: Add support for SSL protocol version configuration option
2015-01-16 10:25:48 -05:00
Jason Holland
eedc51f213
Add support for SSL protocol version configuration option. Also fix 2 places where the SSL version was not being set properly.
2014-12-13 21:20:33 -06:00
Jason Holland
38dbce1527
Allow Ansible to honor the "no_proxy" environment variable.
2014-12-13 21:12:23 -06:00
Jure Triglav
2f869a6309
Add the default Homebrew path for OpenSSL certs on OS X
2014-10-29 14:16:01 +01:00
James Cammarata
e54178f904
Catch additional errors in fetch_url
...
Fixes #8971
2014-09-11 09:47:28 -05:00
James Cammarata
8bafc646cb
Disable custom https handler for fetch_url on older pythons
...
Fixes #8898
2014-09-05 13:48:45 -05:00
James Cammarata
cd99821f8a
Fix py26 difference in ssl socket connect call from 99ba9d6
2014-09-03 10:04:02 -05:00
Dan Buch
290f2759e1
Supporting SSL cert location on SunOS (SmartOS, really)
2014-08-29 10:33:14 -04:00
James Cammarata
99ba9d6e24
Default fetch_url to use TLSv1 instead of SSLv2/3
2014-08-28 08:22:24 -05:00
James Cammarata
d44ed533b3
Default use_proxy to True for fetch_url()
...
Also added some error handling to the fetch_url() call in the
apt_repository module, so that failures to look up the PPA info
are properly handled.
Fixes #7322
2014-05-19 23:04:13 -05:00
James Cammarata
08406c0ee2
Adding the capability to proxy the ssl cert check
...
The ssl cert check will now respect the http and https proxy
environment settings. The url may also have the username/password
embedded, in which case basic auth will be used to connect to the
proxy server.
Fixes #7413
2014-05-19 16:00:32 -05:00
Joost Cassee
978e6d2cd6
Make concatenating certs robust in urls.py
...
Add a newline after each certificate file explicitly to avoid problems
with files that do not end with a newline themselves.
2014-04-30 21:46:37 +02:00
James Cammarata
117952cf6c
Fixing a bug in the new fetch_url username/password logic
2014-04-24 00:44:39 -05:00
James Cammarata
89fa9b7305
Add parameters to get_url for the url username/password
...
Fixes #6928
2014-04-24 00:26:50 -05:00
Wim
6ed4ca97a8
hint to install python-ssl on redhat systems
2014-04-18 00:07:07 +02:00
James Cammarata
d240d073eb
Changing SSL cert detection method to allow for auto-negotiation of SSL protocols
...
Fixes #6904
2014-04-15 13:45:21 -05:00
Matt Martz
1d3d73a0b6
Only write the DUMMY_CA_CERT on OS X
2014-03-19 09:01:13 -05:00
Matt Martz
3b5aa8bd30
Provide a dummy ca to allow OS X to do its OpenSSL keychain magic
2014-03-18 17:16:44 -05:00
Greg Dallavalle
77229553a3
fetch_url: Avoid credential stripping for FTP-scheme URLs
2014-03-16 20:41:03 -05:00
James Cammarata
2c7d58abe0
Compile ca certs into a temp file to reduce number of attempts
...
For those who may have a large number of certs found, this can reduce
the number of ssl connections attempted.
2014-03-12 13:45:16 -05:00
James Cammarata
a9017af2bb
Adding validate_certs to all modules that use fetch_url
2014-03-12 10:19:54 -05:00
James Cammarata
7f38cff989
Remove unused code from get_ca_certs() function
2014-03-12 09:33:19 -05:00
James Cammarata
804e4166c8
Rewriting ssl validation to try multiple certs found in paths
...
Previously, the function checked only for a single CA root cert, however
some distributions may have multiple certs in a directory. This will now
try any .crt or .pem file contained within several common paths for
each platform.
Fixes #6412
2014-03-12 09:21:19 -05:00
James Cammarata
9730157525
Validate SSL certs accessed through urllib*
...
* Adds another module utility file which generalizes the
access of urls via the urllib* libraries.
* Adds a new spec generator for common arguments.
* Makes the user-agent string configurable.
Fixes #6211
2014-03-10 16:06:52 -05:00