Default fetch_url to use TLSv1 instead of SSLv2/3

2014-08-28 08:20:11 -05:00 · 2014-08-28 08:20:11 -05:00 · 7fbdbcdec7
commit 7fbdbcdec7
parent 90a42bb15a
1 changed files with 20 additions and 0 deletions
--- a/lib/ansible/module_utils/urls.py
+++ b/lib/ansible/module_utils/urls.py
@ -50,6 +50,7 @@ try:
 except:
    HAS_SSL=False

+import httplib
 import os
 import re
 import socket
@ -79,6 +80,23 @@ zKPZsZ2miVGclicJHzm5q080b1p/sZtuKIEZk6vZqEg=
 -----END CERTIFICATE-----
 """

+class CustomHTTPSConnection(httplib.HTTPSConnection):
+    def connect(self):
+        "Connect to a host on a given (SSL) port."
+
+        sock = socket.create_connection((self.host, self.port), self.timeout, self.source_address)
+        if self._tunnel_host:
+            self.sock = sock
+            self._tunnel()
+        self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=ssl.PROTOCOL_TLSv1)
+
+class CustomHTTPSHandler(urllib2.HTTPSHandler):
+
+    def https_open(self, req):
+        return self.do_open(CustomHTTPSConnection, req)
+
+    https_request = urllib2.AbstractHTTPHandler.do_request_
+
 def generic_urlparse(parts):
    '''
    Returns a dictionary of url parts as parsed by urlparse,
@ -373,6 +391,8 @@ def fetch_url(module, url, data=None, headers=None, method=None,
        proxyhandler = urllib2.ProxyHandler({})
        handlers.append(proxyhandler)

+    handlers.append(CustomHTTPSHandler)
+
    opener = urllib2.build_opener(*handlers)
    urllib2.install_opener(opener)