[PATCH] Don't retry on SSL failures
Peter Robinson
pbrobinson at gmail.com
Tue Jul 21 23:45:33 UTC 2015
> From: Mathieu Bridon <bochecha at daitauha.fr>
>
> With the current code, trying to SSL-login with a bad certificate will
> just make it look like the client code is hanging.
>
> That's because it tries and tries again, silently, until it reaches it's
> maximum retry limit.
>
> But in the case of an SSL error, such as an expired client cert, there's
> really no point in retrying.
> ---
> koji/__init__.py | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/koji/__init__.py b/koji/__init__.py
> index 58971da..9ebe83a 100644
> --- a/koji/__init__.py
> +++ b/koji/__init__.py
> @@ -57,7 +57,7 @@ import xmlrpclib
> import xml.sax
> import xml.sax.handler
> from xmlrpclib import loads, dumps, Fault
> -#import OpenSSL.SSL
> +import OpenSSL
> import zipfile
>
> def _(args):
> @@ -1938,6 +1938,9 @@ class ClientSession(object):
> except (SystemExit, KeyboardInterrupt):
> #(depending on the python version, these may or may
> not be subclasses of Exception)
> raise
> + except OpenSSL.SSL.Error as e:
> + # There's no point in retrying this
> + raise
> except Exception, e:
> self._close_connection()
> if not self.logged_in:
> --
> 2.4.3
This has actually caused me issues with newRepo on el6. I get the
following traceback from kojid:
Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/koji/daemon.py", line 1161, in runTask
response = (handler.run(),)
File "/usr/lib/python2.6/site-packages/koji/tasks.py", line 158, in run
return koji.util.call_with_argcheck(self.handler, self.params, self.opts)
File "/usr/lib/python2.6/site-packages/koji/util.py", line 154, in
call_with_argcheck
return func(*args, **kwargs)
File "/usr/sbin/kojid", line 4243, in handler
results = self.wait(subtasks.values(), all=True, failany=True)
File "/usr/lib/python2.6/site-packages/koji/tasks.py", line 215, in wait
finished, unfinished = self.session.host.taskWait(self.id)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1577,
in __call__
return self.__func(self.__name,args,opts)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1920,
in _callMethod
return self._sendCall(handler, headers, request)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1831,
in _sendCall
return self._sendOneCall(handler, headers, request)
File "/usr/lib/python2.6/site-packages/koji/__init__.py", line 1850,
in _sendOneCall
cnx.send(request)
File "/usr/lib64/python2.6/httplib.py", line 759, in send
self.sock.sendall(str)
File "/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py",
line 111, in sendall
self.close()
File "/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py",
line 82, in close
self.shutdown()
File "/usr/lib/python2.6/site-packages/koji/ssl/SSLConnection.py",
line 53, in shutdown
self.__dict__["conn"].shutdown()
Error: []
http://arm.koji.fedoraproject.org/koji/taskinfo?taskID=3087577
More information about the buildsys
mailing list