diff --git a/0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch b/0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch
new file mode 100644
index 0000000..e0e410f
--- /dev/null
+++ b/0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch
@@ -0,0 +1,49 @@
+From 9103bda257e235b26bdbeb9198299cbc13a0d515 Mon Sep 17 00:00:00 2001
+From: Ralph Bean
+Date: Sat, 15 Aug 2015 14:35:03 -0400
+Subject: [PATCH] Be more careful when detect cert-expiry exceptions.
+
+We ran into this in the Fedora koji instance today after an upgrade last night.
+The inline comments explain the reasoning
+---
+ koji/__init__.py | 23 ++++++++++++++++++++++-
+ 1 file changed, 22 insertions(+), 1 deletion(-)
+
+diff --git a/koji/__init__.py b/koji/__init__.py
+index 81064c3..f45ff70 100644
+--- a/koji/__init__.py
++++ b/koji/__init__.py
+@@ -1943,8 +1943,29 @@ class ClientSession(object):
+ except Exception, e:
+ self._close_connection()
+ if isinstance(e, OpenSSL.SSL.Error):
++ # pyOpenSSL doesn't use different exception
++ # subclasses, we have to actually parse the args
+ for arg in e.args:
+- for _, _, ssl_reason in arg:
++ # First, check to see if 'arg' is iterable because
++ # it can be anything..
++ try:
++ iter(arg)
++ except TypeError:
++ continue
++
++ # We do all this so that we can detect cert expiry
++ # so we can avoid retrying those over and over.
++ for items in arg:
++ try:
++ iter(items)
++ except TypeError:
++ continue
++
++ if len(items) != 3:
++ continue
++
++ _, _, ssl_reason = items
++
+ if ('certificate revoked' in ssl_reason or
+ 'certificate expired' in ssl_reason):
+ # There's no point in retrying for this
+--
+2.5.0
+
diff --git a/0001-Better-catch-SSL-errors.patch b/0001-Better-catch-SSL-errors.patch
new file mode 100644
index 0000000..c85b4d7
--- /dev/null
+++ b/0001-Better-catch-SSL-errors.patch
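Review bot: After the three-element unpack in the inner loop, `ssl_reason` goes straight into the substring test without being checked for type, so the shape validation above it is incomplete. A 3-item entry whose last element is not a string (an int or None, say) would make `'certificate revoked' in ssl_reason` raise TypeError inside the `except` handler, replacing the original OpenSSL.SSL.Error with an unrelated one. `len(items)` can fail the same way on an iterable that has no length. I would add `if not isinstance(ssl_reason, basestring): continue` right after `_, _, ssl_reason = items`. The handler and its retry loop start and end outside this hunk, so how such a secondary exception propagates is not visible here.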
@@ -0,0 +1,45 @@
+From ab0b2e465d0f8ad930f28eb3a49850afb57250c2 Mon Sep 17 00:00:00 2001
+From: Mathieu Bridon
+Date: Thu, 23 Jul 2015 10:19:23 +0200
+Subject: [PATCH] Better catch SSL errors
+
+Commit 4de27c52de80596d256b059a67d10c7ed5e61238 made Koji to not retry
+on SSL errors.
+
+However, it turns out that some SSL errors are transient, and Koji
+should still retry for them.
+
+This commit changes that, so that we are more specific about which SSL
+errors should be fatal: expired or revoked certificates.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1207178
+---
+ koji/__init__.py | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/koji/__init__.py b/koji/__init__.py
+index fadbada..e7a66f2 100644
+--- a/koji/__init__.py
++++ b/koji/__init__.py
+@@ -1940,11 +1940,15 @@ class ClientSession(object):
+ except (SystemExit, KeyboardInterrupt):
+ #(depending on the python version, these may or may not be subclasses of Exception)
+ raise
+- except OpenSSL.SSL.Error as e:
+- # There's no point in retrying this
+- raise
+ except Exception, e:
+ self._close_connection()
++ if isinstance(e, OpenSSL.SSL.Error):
++ for arg in e.args:
++ for _, _, ssl_reason in arg:
++ if ('certificate revoked' in ssl_reason or
++ 'certificate expired' in ssl_reason):
++ # There's no point in retrying for this
++ raise
+ if not self.logged_in:
+ #in the past, non-logged-in sessions did not retry. For compatibility purposes
+ #this behavior is governed by the anon_retry opt.
+--
+2.5.0
+
diff --git a/koji.spec b/koji.spec
index 62cdd47..2307d9f 100644
--- a/koji.spec
+++ b/koji.spec
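Review bot: In the new `isinstance(e, OpenSSL.SSL.Error)` branch, only reasons containing 'certificate revoked' or 'certificate expired' re-raise, so every other SSL failure now falls through to the code below, which the commit message says retries. That presumably includes persistent verification failures such as OpenSSL's 'certificate verify failed', which a retry cannot fix and which an operator would want surfaced at once rather than after the retry budget is spent. It is worth deciding whether that reason belongs in the fatal list. A comment would also help here, something like `# fatal: peer cert expired/revoked; all other SSL errors are treated as transient and retried`. The retry logic itself is outside the hunk, so the fall-through behaviour is inferred from the description.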
@@ -9,13 +9,16 @@ Name: koji Version: 1.10.0 -Release: 1%{?dist} +Release: 2%{?dist} License: LGPLv2 and GPLv2+ # koji.ssl libs (from plague) are GPLv2+ Summary: Build system tools Group: Applications/System URL: https://fedorahosted.org/koji Patch0: fedora-config.patch +# Backported upstream patches +Patch1: 0001-Better-catch-SSL-errors.patch +Patch2: 0001-Be-more-careful-when-detect-cert-expiry-exceptions.patch Source: https://fedorahosted.org/released/koji/koji-%{version}.tar.bz2 BuildArch: noarch @@ -153,6 +156,8 @@ koji-web is a web UI to the Koji system. %prep %setup -q %patch0 -p1 -b orig +%patch1 -p1 +%patch2 -p1 %build @@ -315,6 +320,9 @@ fi %endif %changelog +* Thu Sep 24 2015 Kalev Lember - 1.10.0-2 +- Backport two patches to fix ClientSession SSL errors + * Thu Jul 16 2015 Dennis Gilmore - 1.10.0=1 - update to 1.10.0 release