lxd plugins and modules: fix TLS/SSL context creation (#6034)

Use correct purpose.
ansible-collections · Feb 25, 2023 · f0529dc · f0529dc
1 parent 682c6fc
commit f0529dc
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/changelogs/fragments/6034-lxd-tls.yml b/changelogs/fragments/6034-lxd-tls.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "lxd_* modules, lxd inventory plugin - fix TLS/SSL certificate validation problems by using the correct purpose when creating the TLS context (https://github.com/ansible-collections/community.general/issues/5616, https://github.com/ansible-collections/community.general/pull/6034)."
diff --git a/plugins/module_utils/lxd.py b/plugins/module_utils/lxd.py
@@ -60,7 +60,7 @@ def __init__(self, url, key_file=None, cert_file=None, debug=False):
             self.cert_file = cert_file
             self.key_file = key_file
             parts = generic_urlparse(urlparse(self.url))
-            ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
+            ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
             ctx.load_cert_chain(cert_file, keyfile=key_file)
             self.connection = HTTPSConnection(parts.get('netloc'), context=ctx)
         elif url.startswith('unix:'):
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- "lxd_* modules, lxd inventory plugin - fix TLS/SSL certificate validation problems by using the correct purpose when creating the TLS context (https://github.com/ansible-collections/community.general/issues/5616, https://github.com/ansible-collections/community.general/pull/6034)."