From ebdbb80e021a28d3bb2bd7aaf7ba0deb59c21762 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Thu, 11 Mar 2021 10:45:52 +0100 Subject: [PATCH] drop PyOpenSSL usage We've replaced it with requests library some time ago, this code has no better sensitivity than requests error checking, so we can drop it completely. Fixes: https://pagure.io/koji/issue/2752 --- koji.spec | 2 -- koji/__init__.py | 51 +---------------------------------------- setup.py | 1 - www/lib/kojiweb/util.py | 11 --------- 4 files changed, 1 insertion(+), 64 deletions(-) diff --git a/koji.spec b/koji.spec index 39ca3e3a..05dc9024 100644 --- a/koji.spec +++ b/koji.spec @@ -119,7 +119,6 @@ Requires: python2-rpm %else Requires: rpm-python %endif -Requires: pyOpenSSL Requires: python-requests Requires: python-requests-gssapi Requires: python-dateutil @@ -139,7 +138,6 @@ Requires: python%{python3_pkgversion}-rpm %else Requires: rpm-python%{python3_pkgversion} %endif -Requires: python%{python3_pkgversion}-pyOpenSSL Requires: python%{python3_pkgversion}-requests %if 0%{?fedora} >= 32 || 0%{?rhel} >= 8 Requires: python%{python3_pkgversion}-requests-gssapi > 1.2.1 diff --git a/koji/__init__.py b/koji/__init__.py index 2388a555..071e8213 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -68,15 +68,6 @@ from . import _version __version__ = _version.__version__ __version_info__ = _version.__version_info__ -SSL_Error = None -try: - from OpenSSL.SSL import Error as SSL_Error -except Exception: # pragma: no cover - # the hub imports koji, and sometimes this import fails there - # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine # noqa: E501 - # unfortunately the workaround at the above link does not always work, so - # we ignore it here - pass try: import requests_gssapi as reqgssapi except ImportError: # pragma: no cover @@ -2275,46 +2266,6 @@ def is_requests_cert_error(e): return False -def is_cert_error(e): - """Determine if an OpenSSL error is due to a bad cert""" - - if SSL_Error is None: # pragma: no cover - # import failed, so we can't determine - raise Exception("OpenSSL library did not load") - if not isinstance(e, SSL_Error): - return False - - # pyOpenSSL doesn't use different exception - # subclasses, we have to actually parse the args - for arg in e.args: - # First, check to see if 'arg' is iterable because - # it can be anything.. - try: - iter(arg) - except TypeError: - continue - - # We do all this so that we can detect cert expiry - # so we can avoid retrying those over and over. - for items in arg: - try: - iter(items) - except TypeError: - continue - - if len(items) != 3: - continue - - _, _, ssl_reason = items - - if ('certificate revoked' in ssl_reason or - 'certificate expired' in ssl_reason): - return True - - # otherwise - return False - - def is_conn_error(e): """Determine if an error seems to be from a dropped connection""" # This is intended for the case where e is a socket error. @@ -2806,7 +2757,7 @@ class ClientSession(object): tb_str = ''.join(traceback.format_exception(*sys.exc_info())) self.new_session() - if is_cert_error(e) or is_requests_cert_error(e): + if is_requests_cert_error(e): # There's no point in retrying for this raise diff --git a/setup.py b/setup.py index 987682fb..97bd675c 100644 --- a/setup.py +++ b/setup.py @@ -11,7 +11,6 @@ def get_install_requires(): requires = [ 'python-dateutil', - 'pyOpenSSL', 'requests', 'requests-gssapi', 'six', diff --git a/www/lib/kojiweb/util.py b/www/lib/kojiweb/util.py index 301fd92a..6471d62e 100644 --- a/www/lib/kojiweb/util.py +++ b/www/lib/kojiweb/util.py @@ -36,17 +36,6 @@ import koji import koji.tasks -class NoSuchException(Exception): - pass - - -try: - # pyOpenSSL might not be around - from OpenSSL.SSL import Error as SSL_Error -except Exception: - SSL_Error = NoSuchException - - themeInfo = {} themeCache = {}