[PATCH] Don't retry on SSL failures
Dan HorĂ¡k
dan at danny.cz
Fri Jul 24 20:32:40 UTC 2015
On Fri, 12 Jun 2015 23:26:34 +0200
Mathieu Bridon <bochecha at fedoraproject.org> wrote:
> From: Mathieu Bridon <bochecha at daitauha.fr>
>
> With the current code, trying to SSL-login with a bad certificate will
> just make it look like the client code is hanging.
>
> That's because it tries and tries again, silently, until it reaches
> it's maximum retry limit.
>
> But in the case of an SSL error, such as an expired client cert,
> there's really no point in retrying.
this change caused us troubles with the new s390 hub and had to be
reverted at the end
http://s390.koji.fedoraproject.org/koji/taskinfo?taskID=1919798
aka "SysCallError: (-1, 'Unexpected EOF')"
with koji 1.10 (from Fedora Infra repos)
same result with the proposed patch
(paste.fedoraproject.org/247278/63976214/)
only after reverting 4de27c52de I got successful newRepo
Dan
> ---
> koji/__init__.py | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/koji/__init__.py b/koji/__init__.py
> index 58971da..9ebe83a 100644
> --- a/koji/__init__.py
> +++ b/koji/__init__.py
> @@ -57,7 +57,7 @@ import xmlrpclib
> import xml.sax
> import xml.sax.handler
> from xmlrpclib import loads, dumps, Fault
> -#import OpenSSL.SSL
> +import OpenSSL
> import zipfile
>
> def _(args):
> @@ -1938,6 +1938,9 @@ class ClientSession(object):
> except (SystemExit, KeyboardInterrupt):
> #(depending on the python version, these may or
> #may not be subclasses of Exception)
> raise
> + except OpenSSL.SSL.Error as e:
> + # There's no point in retrying this
> + raise
> except Exception, e:
> self._close_connection()
> if not self.logged_in:
> --
> 2.4.3
>
> --
> buildsys mailing list
> buildsys at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/buildsys
More information about the buildsys
mailing list