Better catch SSL errors

Commit 4de27c52de made Koji to not retry on SSL errors. However, it turns out that some SSL errors are transient, and Koji should still retry for them. This commit changes that, so that we are more specific about which SSL errors should be fatal: expired or revoked certificates. https://bugzilla.redhat.com/show_bug.cgi?id=1207178
2015-07-23 10:19:23 +02:00 · 2015-07-23 10:19:23 +02:00 · ab0b2e465d
commit ab0b2e465d
parent 4d296f11be
1 changed files with 7 additions and 3 deletions
--- a/koji/init.py
+++ b/koji/init.py
@ -1940,11 +1940,15 @@ class ClientSession(object):
                except (SystemExit, KeyboardInterrupt):
                    #(depending on the python version, these may or may not be subclasses of Exception)
                    raise
-                except OpenSSL.SSL.Error as e:
-                    # There's no point in retrying this
-                    raise
                except Exception, e:
                    self._close_connection()
+                    if isinstance(e, OpenSSL.SSL.Error):
+                        for arg in e.args:
+                            for _, _, ssl_reason in arg:
+                                if ('certificate revoked' in ssl_reason or
+                                        'certificate expired' in ssl_reason):
+                                    # There's no point in retrying for this
+                                    raise
                    if not self.logged_in:
                        #in the past, non-logged-in sessions did not retry. For compatibility purposes
                        #this behavior is governed by the anon_retry opt.