[PATCH] Don't retry on SSL failures
Mathieu Bridon
bochecha at fedoraproject.org
Sun Jun 28 11:23:31 UTC 2015
On Fri, 2015-06-12 at 22:06 -0500, Jon wrote:
> This appears to work as you intend.
>
> I restored a very old and expired backup copy of my .fedora.cert
> file.
> Then attempted to scratch build an srpm:
>
> $ koji build --scratch --nowait f23 /home/jdisnard/fedora
> -scm/glmark2/glmark2-2014.03-3.fc23.src.rpm
> Error: [('SSL routines', 'SSL3_READ_BYTES', 'sslv3 alert certificate
> revoked'), ('SSL routines', 'SSL3_READ_BYTES', 'ssl handshake
> failure')]
>
>
> My only question is why the previous OpenSSL import line was
> commented-out ? Care to speculate? I'm guessing the SSLCommon was
> enough?
It was commented out in commit
9e9549d994d750e5eca0729afd30eef794e129fc. At
that point, it hadn't been needed for a while, so I'm not sure why it
wasn't just removed.
The import hadn't been needed since commit
54f79ff665fd4147b889b1e18e5846de3476b4e4, which is the one that
introduced the retry mechanism.
Before this commit, there was a similar code to the one I'm introducing
in this patch: the code would just reraise the exception if it was an
SSL-related error.
My guess is that when the code was made to retry a few times on
failures, it was omitted that there isn't a need to retry if the
problem is with the SSL certs.
My patch just reintroduces that, as IMHO it shouldn't have been removed
in the first place.
> Regardless the patch looks good.
>
> ACK
Thanks. Could this be merged, then?
--
Mathieu
More information about the buildsys
mailing list