From 9af4c393f51001c672fb3faa5b03beb022a600b2 Mon Sep 17 00:00:00 2001
From: Mike McLean
Date: Nov 22 2016 21:41:31 +0000
Subject: move is_cert_error(); require python-requests
---
diff --git a/koji.spec b/koji.spec
index 5d12d27..3beff7e 100644
--- a/koji.spec
+++ b/koji.spec
@@ -28,6 +28,7 @@ BuildArch: noarch
 Requires: python-krbV >= 1.0.13
 Requires: rpm-python
 Requires: pyOpenSSL
+Requires: python-requests
 Requires: python-urlgrabber
 Requires: python-dateutil
 BuildRequires: python
diff --git a/koji/__init__.py b/koji/__init__.py
index 7e17468..15a3633 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -38,6 +38,7 @@ import imp
 import logging
 import logging.handlers
 from koji.util import md5_constructor
+from OpenSSL.SSL import Error as SSL_Error
 import optparse
 import os
 import os.path
@@ -49,7 +50,6 @@ import rpm
 import shutil
 import signal
 import socket
-import ssl.SSLCommon
 try:
 from ssl import ssl as pyssl
 except ImportError: # pragma: no cover
@@ -1811,6 +1811,44 @@ class PathInfo(object):
 pathinfo = PathInfo()
+
+def is_cert_error(e):
+ """Determine if an OpenSSL error is due to a bad cert"""
+
+ if not isinstance(e, SSL_Error):
+ return False
+
+ # pyOpenSSL doesn't use different exception
+ # subclasses, we have to actually parse the args
+ for arg in e.args:
+ # First, check to see if 'arg' is iterable because
+ # it can be anything..
+ try:
+ iter(arg)
+ except TypeError:
+ continue
+
+ # We do all this so that we can detect cert expiry
+ # so we can avoid retrying those over and over.
+ for items in arg:
+ try:
+ iter(items)
+ except TypeError:
+ continue
+
+ if len(items) != 3:
+ continue
+
+ _, _, ssl_reason = items
+
+ if ('certificate revoked' in ssl_reason or
+ 'certificate expired' in ssl_reason):
+ return True
+
+ #otherwise
+ return False
+
+
 class VirtualMethod(object):
 # some magic to bind an XML-RPC method to an RPC server.
 # supports "nested" methods (e.g. examples.getStateName)
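Review bot: In the `is_cert_error` hunk of koji/__init__.py (`@@ -1811,6 +1811,44 @@`), `ssl_reason` goes into a substring test without a check that it is a string, even though the function's own comment says an arg "can be anything" and it guards both `arg` and `items` with `iter()`. A three-element item whose last member is `None` or an integer would raise `TypeError` from inside the caller's exception handler and hide the original SSL failure. Adding `if not isinstance(ssl_reason, basestring): continue` before the test would close that gap, assuming this file is Python 2 as the surrounding imports suggest. The docstring could also state that only the reason texts 'certificate revoked' and 'certificate expired' count as a bad cert, so readers do not assume other verification failures are covered.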
@@ -2157,7 +2195,7 @@ class ClientSession(object):
 tb_str = ''.join(traceback.format_exception(*sys.exc_info()))
 self._close_connection()
- if ssl.SSLCommon.is_cert_error(e):
+ if is_cert_error(e):
 # There's no point in retrying for this
 raise
diff --git a/koji/ssl/SSLCommon.py b/koji/ssl/SSLCommon.py
index fa5e64a..ffcd5e9 100644
--- a/koji/ssl/SSLCommon.py
+++ b/koji/ssl/SSLCommon.py
@@ -28,43 +28,6 @@ def our_verify(connection, x509, errNum, errDepth, preverifyOK):
 return preverifyOK
-def is_cert_error(e):
- """Determine if an OpenSSL error is due to a bad cert"""
-
- if not isinstance(e, SSL.Error):
- return False
-
- # pyOpenSSL doesn't use different exception
- # subclasses, we have to actually parse the args
- for arg in e.args:
- # First, check to see if 'arg' is iterable because
- # it can be anything..
- try:
- iter(arg)
- except TypeError:
- continue
-
- # We do all this so that we can detect cert expiry
- # so we can avoid retrying those over and over.
- for items in arg:
- try:
- iter(items)
- except TypeError:
- continue
-
- if len(items) != 3:
- continue
-
- _, _, ssl_reason = items
-
- if ('certificate revoked' in ssl_reason or
- 'certificate expired' in ssl_reason):
- return True
-
- #otherwise
- return False
-
-
 def CreateSSLContext(certs):
 key_and_cert = certs['key_and_cert']
 peer_ca_cert = certs['peer_ca_cert']
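Review bot: The fail-fast branch in the `ClientSession` hunk (`@@ -2157,7 +2195,7 @@`) depends on `is_cert_error(e)`, which returns False for anything that is not an `OpenSSL.SSL.Error`, and the comment at the call site does not say so. This commit also adds a python-requests dependency, so a transport that reported certificate failures with a different exception type would presumably fall through to the retry path with no visible change here. I would extend the comment to something like `# expired/revoked cert (OpenSSL.SSL.Error only): retrying cannot succeed`. The enclosing method starts and ends outside the hunk, so the retry logic itself is not visible.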