On 08/15/2015 02:35 PM, Ralph Bean wrote:
We ran into this in the Fedora koji instance today after an upgrade
last night.
The inline comments explain the reasoning
pushed upstream. I've been expecting to make a 1.10.1 release. Are there
any other critical issues with 1.10 that we should also fix?
---
koji/__init__.py | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/koji/__init__.py b/koji/__init__.py
index e7a66f2..939b05a 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1943,8 +1943,29 @@ class ClientSession(object):
except Exception, e:
self._close_connection()
if isinstance(e, OpenSSL.SSL.Error):
+ # pyOpenSSL doesn't use different exception
+ # subclasses, we have to actually parse the args
for arg in e.args:
- for _, _, ssl_reason in arg:
+ # First, check to see if 'arg' is iterable because
+ # it can be anything..
+ try:
+ iter(arg)
+ except TypeError:
+ continue
+
+ # We do all this so that we can detect cert expiry
+ # so we can avoid retrying those over and over.
+ for items in arg:
+ try:
+ iter(items)
+ except TypeError:
+ continue
+
+ if len(items) != 3:
+ continue
+
+ _, _, ssl_reason = items
+
if ('certificate revoked' in ssl_reason or
'certificate expired' in ssl_reason):
# There's no point in retrying for this