Rev 6259: The https test server will now refuse connections if an ssl error occurs during the handshake. Ssl errors and certificate errors aborts requests without re-trying them. in file:///home/vila/src/bzr/reviews/urllib-verifies-ssl-certs/

Vincent Ladeuil v.ladeuil+lp at free.fr
Thu Jan 19 17:14:27 UTC 2012


At file:///home/vila/src/bzr/reviews/urllib-verifies-ssl-certs/

------------------------------------------------------------
revno: 6259
revision-id: v.ladeuil+lp at free.fr-20120119171427-xhxthhw3mtz35hpf
parent: v.ladeuil+lp at free.fr-20120119163608-77v8z7firiewep4o
committer: Vincent Ladeuil <v.ladeuil+lp at free.fr>
branch nick: urllib-verifies-ssl-certs
timestamp: Thu 2012-01-19 18:14:27 +0100
message:
  The https test server will now refuse connections if an SSL error occurs during the handshake. SSL errors and certificate errors abort requests without re-trying them.
-------------- next part --------------
=== modified file 'bzrlib/tests/https_server.py'
--- a/bzrlib/tests/https_server.py	2011-01-10 22:20:12 +0000
+++ b/bzrlib/tests/https_server.py	2012-01-19 17:14:27 +0000
@@ -49,7 +49,13 @@
         serving = test_server.TestingTCPServerMixin.verify_request(
             self, request, client_address)
         if serving:
-            request.do_handshake()
+            try:
+                request.do_handshake()
+            except ssl.SSLError, e:
+                # FIXME: We proabaly want more tests to capture which ssl
+                # errors are worth reporting but mostly our tests want an https
+                # server that works -- vila 2012-01-19
+                return False
         return serving
 
     def ignored_exceptions_during_shutdown(self, e):
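Review bot: The new handler in verify_request discards the `ssl.SSLError` without recording it, and the bound name `e` is never used, so a failed handshake leaves no trace of why the test server refused the client. When a certificate-verification test fails, that makes it hard to tell a deliberate client-side rejection from a misconfigured server certificate. I would drop the unused binding (`except ssl.SSLError:`) and write the error to the test log before `return False`, using whatever logging helper this module already has, which the hunk does not show. The FIXME comment also has a typo (`proabaly`). The start of verify_request is outside the hunk.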

=== modified file 'bzrlib/transport/http/_urllib2_wrappers.py'
--- a/bzrlib/transport/http/_urllib2_wrappers.py	2012-01-04 23:47:39 +0000
+++ b/bzrlib/transport/http/_urllib2_wrappers.py	2012-01-19 17:14:27 +0000
@@ -413,13 +413,12 @@
                         return
                     dnsnames.append(value)
     if len(dnsnames) > 1:
-        raise errors.CertificateError("hostname %r "
-            "doesn't match either of %s"
+        raise errors.CertificateError(
+            "hostname %r doesn't match either of %s"
             % (hostname, ', '.join(map(repr, dnsnames))))
     elif len(dnsnames) == 1:
-        raise errors.CertificateError("hostname %r "
-            "doesn't match %r"
-            % (hostname, dnsnames[0]))
+        raise errors.CertificateError("hostname %r doesn't match %r" %
+                                      (hostname, dnsnames[0]))
     else:
         raise errors.CertificateError("no appropriate commonName or "
             "subjectAltName fields were found")
@@ -788,6 +787,10 @@
                     % (request, request.connection.sock.getsockname())
             response = connection.getresponse()
             convert_to_addinfourl = True
+        except (ssl.SSLError, errors.CertificateError):
+            # Something is wrong with either the certificate or the hostname,
+            # re-trying won't help
+            raise
         except (socket.gaierror, httplib.BadStatusLine, httplib.UnknownProtocol,
                 socket.error, httplib.HTTPException):
             response = self.retry_or_raise(http_class, request, first_try)
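Review bot: The `except (ssl.SSLError, errors.CertificateError)` clause only works because it sits above the `socket.error` clause: in Python 2 `ssl.SSLError` is a subclass of `socket.error` and would otherwise fall into the retry path. The comment should record that ordering constraint, e.g. `# Must stay before the socket.error clause below: ssl.SSLError derives from it`. The existing comment is also narrower than the code, since `ssl.SSLError` is raised for other TLS failures as well, such as a timed-out read on an SSL socket, and those are now not retried either; that may or may not be intended. The enclosing try block and the method start outside the hunk.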


