[PATCH] Don't retry on SSL failures
Pavol Babincak
pbabinca at redhat.com
Mon Jun 29 08:42:30 UTC 2015
On 06/28/2015 01:23 PM, Mathieu Bridon wrote:
> On Fri, 2015-06-12 at 22:06 -0500, Jon wrote:
>> This appears to work as you intend.
>>
>> I restored a very old and expired backup copy of my .fedora.cert
>> file.
>> Then attempted to scratch build an srpm:
>>
>> $ koji build --scratch --nowait f23 /home/jdisnard/fedora
>> -scm/glmark2/glmark2-2014.03-3.fc23.src.rpm
>> Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate
>> revoked'), ('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake
>> failure')]
>>
>>
>> My only question is why the previous OpenSSL import line was
>> commented-out ? Care to speculate? I'm guessing the SSLCommon was
>> enough?
>
> It was commented out in commit
> 9e9549d994d750e5eca0729afd30eef794e129fc. At
> that point, it hadn't been needed for a while, so I'm not sure why it
> wasn't just removed.
>
> The import hadn't been needed since commit
> 54f79ff665fd4147b889b1e18e5846de3476b4e4, which is the one that
> introduced the retry mechanism.
>
> Before this commit, there was a similar code to the one I'm introducing
> in this patch: the code would just reraise the exception if it was an
> SSL-related error.
>
> My guess is that when the code was made to retry a few times on
> failures, it was omitted that there isn't a need to retry if the
> problem is with the SSL certs.
>
> My patch just reintroduces that, as IMHO it shouldn't have been removed
> in the first place.
>
>> Regardless the patch looks good.
>>
>> ACK
>
> Thanks. Could this be merged, then?
>
>
Btw. this patch may fix the bug filed against fedkg too:
https://bugzilla.redhat.com/show_bug.cgi?id=1207178
--
Pavol Babincak
Release Engineering, Red Hat
More information about the buildsys
mailing list