From 9103bda257e235b26bdbeb9198299cbc13a0d515 Mon Sep 17 00:00:00 2001 From: Ralph Bean Date: Sat, 15 Aug 2015 14:35:03 -0400 Subject: [PATCH] Be more careful when detect cert-expiry exceptions. We ran into this in the Fedora koji instance today after an upgrade last night. The inline comments explain the reasoning --- koji/__init__.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/koji/__init__.py b/koji/__init__.py index 81064c3..f45ff70 100644 --- a/koji/__init__.py +++ b/koji/__init__.py @@ -1943,8 +1943,29 @@ class ClientSession(object): except Exception, e: self._close_connection() if isinstance(e, OpenSSL.SSL.Error): + # pyOpenSSL doesn't use different exception + # subclasses, we have to actually parse the args for arg in e.args: - for _, _, ssl_reason in arg: + # First, check to see if 'arg' is iterable because + # it can be anything.. + try: + iter(arg) + except TypeError: + continue + + # We do all this so that we can detect cert expiry + # so we can avoid retrying those over and over. + for items in arg: + try: + iter(items) + except TypeError: + continue + + if len(items) != 3: + continue + + _, _, ssl_reason = items + if ('certificate revoked' in ssl_reason or 'certificate expired' in ssl_reason): # There's no point in retrying for this -- 2.5.0