diff --git a/contrib/inventory/vmware_inventory.py b/contrib/inventory/vmware_inventory.py index e6407bcbce..183b9a19b0 100755 --- a/contrib/inventory/vmware_inventory.py +++ b/contrib/inventory/vmware_inventory.py @@ -344,10 +344,22 @@ class VMWareInventory(object): 'pwd': self.password, 'port': int(self.port)} - if hasattr(ssl, 'SSLContext') and not self.validate_certs: + if self.validate_certs and hasattr(ssl, 'SSLContext'): + context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) + context.verify_mode = ssl.CERT_REQUIRED + context.check_hostname = True + kwargs['sslContext'] = context + elif self.validate_certs and not hasattr(ssl, 'SSLContext'): + sys.exit('pyVim does not support changing verification mode with python < 2.7.9. Either update ' + 'python or use validate_certs=false.') + elif not self.validate_certs and hasattr(ssl, 'SSLContext'): context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) context.verify_mode = ssl.CERT_NONE + context.check_hostname = False kwargs['sslContext'] = context + elif not self.validate_certs and not hasattr(ssl, 'SSLContext'): + # Python 2.7.9 < or RHEL/CentOS 7.4 < + pass return self._get_instances(kwargs)