BBlack has submitted this change and it was merged.

Change subject: letsencrypt: acme_tiny: Skip my ignore-HTTPS-validation code 
for old versions of python
......................................................................


letsencrypt: acme_tiny: Skip my ignore-HTTPS-validation code for old versions 
of python

We don't need it for those older versions (default behaviour does what we want)
and it broke on precise (e.g. carbon)

Change-Id: I55032bf7573ab006d4b9e441421bc0ca35fc9450
---
M modules/letsencrypt/files/acme_tiny.py
1 file changed, 8 insertions(+), 3 deletions(-)

Approvals:
  BBlack: Verified; Looks good to me, approved



diff --git a/modules/letsencrypt/files/acme_tiny.py 
b/modules/letsencrypt/files/acme_tiny.py
index 0427a16..96441bb 100644
--- a/modules/letsencrypt/files/acme_tiny.py
+++ b/modules/letsencrypt/files/acme_tiny.py
@@ -137,9 +137,14 @@
         wellknown_url = 
"http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
 
         # allow invalid https redirect - this would usually be served over 
http so it's fine
-        ctx = ssl.create_default_context()
-        ctx.check_hostname = False
-        ctx.verify_mode = ssl.CERT_NONE
+        if 'create_default_context' in dir(ssl):
+            # This is only needed for Python 2.7.9+, earlier versions didn't 
check certs by default
+            # And they didn't have ssl.create_default_context
+            ctx = ssl.create_default_context()
+            ctx.check_hostname = False
+            ctx.verify_mode = ssl.CERT_NONE
+        else:
+            ctx = None
 
         try:
             resp = urlopen(wellknown_url, context=ctx)

-- 
To view, visit https://gerrit.wikimedia.org/r/311639
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I55032bf7573ab006d4b9e441421bc0ca35fc9450
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alex Monk <a...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Volans <rcocci...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to