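# Exercises the test_peercert module against the httpbin test host: once over
# plain HTTP and once over HTTPS, then checks the registered raw_cert value.

- name: get peercert for HTTP connection
  test_peercert:
    url: http://{{ httpbin_host }}/get
  register: cert_http

# A plain-HTTP request involves no TLS handshake, so raw_cert must be unset.
- name: assert get peercert for HTTP connection
  assert:
    that:
      - cert_http.raw_cert == None

- name: get peercert for HTTPS connection
  test_peercert:
    url: https://{{ httpbin_host }}/get
  register: cert_https

# Alpine does not ship openssl. On such hosts the independent fetch below is
# skipped and the final assert only proves that raw_cert was set at all, not
# that it is the certificate the endpoint actually presents.
- name: check if openssl is installed
  command: which openssl
  # A missing binary is an expected outcome; the result is read further down
  # through "openssl is successful" / "openssl is failed".
  ignore_errors: true
  register: openssl
  # Read-only probe: never report a change (matches the fetch task below).
  changed_when: false

# Independent reference copy of the certificate, taken with openssl.
# "echo |" gives s_client an empty stdin so it returns after the handshake;
# sed keeps only the PEM block (BEGIN line through END line).
# The pipeline's exit status is sed's, so a failed s_client connection does
# not fail this task; it leaves stdout empty and shows up as a mismatch in the
# assert that follows.
# NOTE(review): s_client is called without -servername. OpenSSL builds that do
# not send SNI by default could be handed a different certificate than the one
# the module saw on a name-based endpoint - confirm for the test host.
- name: get actual certificate from endpoint
  shell: >-
    echo | openssl s_client -connect {{ httpbin_host }}:443 |
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
  register: cert_https_actual
  changed_when: false
  when: openssl is successful

# stdout_lines[1:-1] drops the BEGIN/END armor lines and join("") concatenates
# the base64 body, which is the form raw_cert is compared against.
# The "openssl is failed or ..." guard short-circuits the comparison on hosts
# without openssl, where cert_https_actual has no stdout_lines.
- name: assert get peercert for HTTPS connection
  assert:
    that:
      - cert_https.raw_cert != None
      - openssl is failed or cert_https.raw_cert == cert_https_actual.stdout_lines[1:-1] | join("")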