I recently encountered ansible#54589 with Ansible 2.8.1 where the uri module fails when a client cert is required by the server. While looking into urls.py from the 2.8 release, I’ve noticed the following code in SSLValidationHandler.http_request:
`
Detect if ‘no_proxy’ environment variable is set and if our URL is included
use_proxy = self.detect_no_proxy(req.get_full_url())
if not use_proxy:
ignore proxy settings for this host request
if tmp_ca_cert_path:
try:
os.remove(tmp_ca_cert_path)
except OSError:
pass
if to_add_ca_cert_path:
try:
os.remove(to_add_ca_cert_path)
except OSError:
pass
return req
`
This code was introduced by PR 9807.
The above code essentially skips the SSL validation performed by SSLValidationHandler for URLs where the host is part of the no_proxy list. Effectively having the server in no_proxy, masks the issue reported by ansible#54589.
Can someone posibly explain if it makes any sense for the above code to be part of SSLValidationHandler?
Thanks in advance.