On Fri, 2015-06-12 at 22:06 -0500, Jon wrote:
This appears to work as you intend.
I restored a very old and expired backup copy of my .fedora.cert
file.
Then attempted to scratch build an srpm:
$ koji build --scratch --nowait f23 /home/jdisnard/fedora
-scm/glmark2/glmark2-2014.03-3.fc23.src.rpm
Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate
revoked'), ('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake
failure')]
My only question is why the previous OpenSSL import line was
commented-out ? Care to speculate? I'm guessing the SSLCommon was
enough?
It was commented out in commit
9e9549d994d750e5eca0729afd30eef794e129fc. At
that point, it hadn't been needed for a while, so I'm not sure why it
wasn't just removed.
The import hadn't been needed since commit
54f79ff665fd4147b889b1e18e5846de3476b4e4, which is the one that
introduced the retry mechanism.
Before this commit, there was a similar code to the one I'm introducing
in this patch: the code would just reraise the exception if it was an
SSL-related error.
My guess is that when the code was made to retry a few times on
failures, it was omitted that there isn't a need to retry if the
problem is with the SSL certs.
My patch just reintroduces that, as IMHO it shouldn't have been removed
in the first place.
Regardless the patch looks good.
ACK
Thanks. Could this be merged, then?
--
Mathieu