Properly catch SSL errors. When a connection could not be
established, the ddns client will try again. If an invalid
certificate is presented, future updates are held back for
the usual time.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
reason = N_("The server denies any updates from this client")
+class DDNSCertificateError(DDNSError):
+ """
+ Thrown when a server presented an invalid certificate.
+ """
+ reason = N_("Invalid certificate")
+
+
class DDNSConfigurationError(DDNSError):
"""
Thrown when invalid or insufficient
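Review bot: The docstring of `DDNSCertificateError` does not say why the class derives from `DDNSError` while `DDNSSSLError`, added further down, derives from `DDNSNetworkError`. Going by the commit message, that base-class choice is presumably what makes an invalid certificate hold back updates instead of triggering a retry, so it deserves a line such as `Deliberately not a DDNSNetworkError: an invalid certificate must not be retried like a transient network failure.` The two new docstrings also mix "Thrown" and "Raised"; the neighbouring `DDNSConfigurationError` uses "Thrown".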
reason = N_("Could not resolve DNS entry")
+class DDNSSSLError(DDNSNetworkError):
+ """
+ Raised when a SSL connection could not be
+ negotiated.
+ """
+ reason = N_("SSL negotiation error")
+
+
class DDNSServiceUnavailableError(DDNSNetworkError):
"""
Equivalent to HTTP error code 503.
import base64
import re
+import ssl
import socket
import urllib
import urllib2
except urllib2.URLError, e:
if e.reason:
+ # Handle SSL errors
+ if isinstance(e.reason, ssl.SSLError):
+ e = e.reason
+
+ if e.reason == "CERTIFICATE_VERIFY_FAILED":
+ raise DDNSCertificateError
+
+ # Raise all other SSL errors
+ raise DDNSSSLError(e.reason)
+
# Name or service not known
if e.reason.errno == -2:
raise DDNSResolveError
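Review bot: The `e.reason == "CERTIFICATE_VERIFY_FAILED"` test in the new SSL branch only catches chain-verification failures that arrive as an `ssl.SSLError` wrapped in `URLError`. In Python 2.7 a hostname mismatch is reported as `ssl.CertificateError`, a `ValueError` subclass, so it probably never reaches this `except urllib2.URLError` clause and would not become a `DDNSCertificateError`. A sibling clause `except ssl.CertificateError, e:` followed by `raise DDNSCertificateError` would cover it. The handler starts and ends outside the hunk, so confirm whether one already exists. Rebinding `e = e.reason` also makes `e.reason` mean two different things within a few lines; a separate name such as `ssl_error` would read more clearly. Logging `str(e)` before raising would keep the detail an operator needs to tell an expired certificate from an untrusted issuer.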