vmware_inventory: do not ignore validate_certs

Python 2.7.9 < does not have the `ssl.SSLContext` attribute. If
`validate_certs` is `True`, we cannot validate the SSL connection,
and we need to raise an error.

1 files changed, 13 insertions, 1 deletions

diff --git a/contrib/inventory/vmware_inventory.py b/contrib/inventory/vmware_inventory.py
index e6407bcbce..183b9a19b0 100755
--- a/contrib/inventory/vmware_inventory.py
+++ b/contrib/inventory/vmware_inventory.py
@@ -344,10 +344,22 @@ class VMWareInventory(object):
                   'pwd': self.password,
                   'port': int(self.port)}
 
-        if hasattr(ssl, 'SSLContext') and not self.validate_certs:
+        if self.validate_certs and hasattr(ssl, 'SSLContext'):
+            context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+            context.verify_mode = ssl.CERT_REQUIRED
+            context.check_hostname = True
+            kwargs['sslContext'] = context
+        elif self.validate_certs and not hasattr(ssl, 'SSLContext'):
+            sys.exit('pyVim does not support changing verification mode with python < 2.7.9. Either update '
+                     'python or use validate_certs=false.')
+        elif not self.validate_certs and hasattr(ssl, 'SSLContext'):
             context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
             context.verify_mode = ssl.CERT_NONE
+            context.check_hostname = False
             kwargs['sslContext'] = context
+        elif not self.validate_certs and not hasattr(ssl, 'SSLContext'):
+            # Python 2.7.9 < or RHEL/CentOS 7.4 <
+            pass
 
         return self._get_instances(kwargs)