diff options
Diffstat (limited to 'lib/ansible/module_utils/urls.py')
| -rw-r--r-- | lib/ansible/module_utils/urls.py | 28 |
1 files changed, 16 insertions, 12 deletions
diff --git a/lib/ansible/module_utils/urls.py b/lib/ansible/module_utils/urls.py index 0e5fbb74c4..0197d86e10 100644 --- a/lib/ansible/module_utils/urls.py +++ b/lib/ansible/module_utils/urls.py @@ -535,15 +535,18 @@ HTTPSClientAuthHandler = None UnixHTTPSConnection = None if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler'): class CustomHTTPSConnection(httplib.HTTPSConnection): # type: ignore[no-redef] - def __init__(self, *args, **kwargs): + def __init__(self, client_cert=None, client_key=None, *args, **kwargs): httplib.HTTPSConnection.__init__(self, *args, **kwargs) self.context = None if HAS_SSLCONTEXT: self.context = self._context elif HAS_URLLIB3_PYOPENSSLCONTEXT: self.context = self._context = PyOpenSSLContext(PROTOCOL) - if self.context and self.cert_file: - self.context.load_cert_chain(self.cert_file, self.key_file) + + self._client_cert = client_cert + self._client_key = client_key + if self.context and self._client_cert: + self.context.load_cert_chain(self._client_cert, self._client_key) def connect(self): "Connect to a host on a given (SSL) port." @@ -564,10 +567,10 @@ if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler if HAS_SSLCONTEXT or HAS_URLLIB3_PYOPENSSLCONTEXT: self.sock = self.context.wrap_socket(sock, server_hostname=server_hostname) elif HAS_URLLIB3_SSL_WRAP_SOCKET: - self.sock = ssl_wrap_socket(sock, keyfile=self.key_file, cert_reqs=ssl.CERT_NONE, # pylint: disable=used-before-assignment - certfile=self.cert_file, ssl_version=PROTOCOL, server_hostname=server_hostname) + self.sock = ssl_wrap_socket(sock, keyfile=self._client_key, cert_reqs=ssl.CERT_NONE, # pylint: disable=used-before-assignment + certfile=self._client_cert, ssl_version=PROTOCOL, server_hostname=server_hostname) else: - self.sock = ssl.wrap_socket(sock, keyfile=self.key_file, certfile=self.cert_file, ssl_version=PROTOCOL) + self.sock = ssl.wrap_socket(sock, keyfile=self._client_key, certfile=self._client_cert, ssl_version=PROTOCOL) class CustomHTTPSHandler(urllib_request.HTTPSHandler): # type: ignore[no-redef] @@ -602,10 +605,6 @@ if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler return self.do_open(self._build_https_connection, req) def _build_https_connection(self, host, **kwargs): - kwargs.update({ - 'cert_file': self.client_cert, - 'key_file': self.client_key, - }) try: kwargs['context'] = self._context except AttributeError: @@ -613,7 +612,7 @@ if hasattr(httplib, 'HTTPSConnection') and hasattr(urllib_request, 'HTTPSHandler if self._unix_socket: return UnixHTTPSConnection(self._unix_socket)(host, **kwargs) if not HAS_SSLCONTEXT: - return CustomHTTPSConnection(host, **kwargs) + return CustomHTTPSConnection(host, client_cert=self.client_cert, client_key=self.client_key, **kwargs) return httplib.HTTPSConnection(host, **kwargs) @contextmanager @@ -979,7 +978,7 @@ def atexit_remove_file(filename): pass -def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True): +def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True, client_cert=None, client_key=None): if ciphers is None: ciphers = [] @@ -1006,6 +1005,9 @@ def make_context(cafile=None, cadata=None, ciphers=None, validate_certs=True): if ciphers: context.set_ciphers(':'.join(map(to_native, ciphers))) + if client_cert: + context.load_cert_chain(client_cert, keyfile=client_key) + return context @@ -1514,6 +1516,8 @@ class Request: cadata=cadata, ciphers=ciphers, validate_certs=validate_certs, + client_cert=client_cert, + client_key=client_key, ) handlers.append(HTTPSClientAuthHandler(client_cert=client_cert, client_key=client_key, |