koji/0001-Be-more-careful-when-d...

From 9103bda257e235b26bdbeb9198299cbc13a0d515 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Sat, 15 Aug 2015 14:35:03 -0400
Subject: [PATCH] Be more careful when detect cert-expiry exceptions.

We ran into this in the Fedora koji instance today after an upgrade last night.
The inline comments explain the reasoning
---
 koji/__init__.py | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/koji/__init__.py b/koji/__init__.py
index 81064c3..f45ff70 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1943,8 +1943,29 @@ class ClientSession(object):
                 except Exception, e:
                     self._close_connection()
                     if isinstance(e, OpenSSL.SSL.Error):
+                        # pyOpenSSL doesn't use different exception
+                        # subclasses, we have to actually parse the args
                         for arg in e.args:
-                            for _, _, ssl_reason in arg:
+                            # First, check to see if 'arg' is iterable because
+                            # it can be anything..
+                            try:
+                                iter(arg)
+                            except TypeError:
+                                continue
+
+                            # We do all this so that we can detect cert expiry
+                            # so we can avoid retrying those over and over.
+                            for items in arg:
+                                try:
+                                    iter(items)
+                                except TypeError:
+                                    continue
+
+                                if len(items) != 3:
+                                    continue
+
+                                _, _, ssl_reason = items
+
                                 if ('certificate revoked' in ssl_reason or
                                         'certificate expired' in ssl_reason):
                                     # There's no point in retrying for this
-- 
2.5.0
Backport two patches to fix ClientSession SSL errors 10 years ago			`From 9103bda257e235b26bdbeb9198299cbc13a0d515 Mon Sep 17 00:00:00 2001`
			`From: Ralph Bean <rbean@redhat.com>`
			`Date: Sat, 15 Aug 2015 14:35:03 -0400`
			`Subject: [PATCH] Be more careful when detect cert-expiry exceptions.`

			`We ran into this in the Fedora koji instance today after an upgrade last night.`
			`The inline comments explain the reasoning`
			`---`
			`koji/__init__.py \| 23 ++++++++++++++++++++++-`
			`1 file changed, 22 insertions(+), 1 deletion(-)`

			`diff --git a/koji/__init__.py b/koji/__init__.py`
			`index 81064c3..f45ff70 100644`
			`--- a/koji/__init__.py`
			`+++ b/koji/__init__.py`
			`@@ -1943,8 +1943,29 @@ class ClientSession(object):`
			`except Exception, e:`
			`self._close_connection()`
			`if isinstance(e, OpenSSL.SSL.Error):`
			`+ # pyOpenSSL doesn't use different exception`
			`+ # subclasses, we have to actually parse the args`
			`for arg in e.args:`
			`- for _, _, ssl_reason in arg:`
			`+ # First, check to see if 'arg' is iterable because`
			`+ # it can be anything..`
			`+ try:`
			`+ iter(arg)`
			`+ except TypeError:`
			`+ continue`
			`+`
			`+ # We do all this so that we can detect cert expiry`
			`+ # so we can avoid retrying those over and over.`
			`+ for items in arg:`
			`+ try:`
			`+ iter(items)`
			`+ except TypeError:`
			`+ continue`
			`+`
			`+ if len(items) != 3:`
			`+ continue`
			`+`
			`+ _, _, ssl_reason = items`
			`+`
			`if ('certificate revoked' in ssl_reason or`
			`'certificate expired' in ssl_reason):`
			`# There's no point in retrying for this`
			`--`
			`2.5.0`