From a6094ef64a5bf29796b5d880427109826dfe1950 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Mon, 3 Aug 2015 20:00:57 +0100
Subject: [PATCH] Catch SSL errors
Properly catch SSL errors. When a connection could not be established, the ddns client will try again. If an invalid certificate is presented future updates are held back for the usual time.
Signed-off-by: Michael Tremer
Signed-off-by: Stefan Schantl
---
 src/ddns/errors.py | 15 +++++++++++++++
 src/ddns/system.py | 11 +++++++++++
 2 files changed, 26 insertions(+)
diff --git a/src/ddns/errors.py b/src/ddns/errors.py
index 26bc18e..58a5ba9 100644
--- a/src/ddns/errors.py
+++ b/src/ddns/errors.py
@@ -64,6 +64,13 @@ class DDNSBlockedError(DDNSError):
 reason = N_("The server denies any updates from this client")
+class DDNSCertificateError(DDNSError):
+ """
+ Thrown when a server presented an invalid certificate.
+ """
+ reason = N_("Invalid certificate")
+
+
 class DDNSConfigurationError(DDNSError):
 """
 Thrown when invalid or insufficient
@@ -139,6 +146,14 @@ class DDNSResolveError(DDNSNetworkError):
 reason = N_("Could not resolve DNS entry")
+class DDNSSSLError(DDNSNetworkError):
+ """
+ Raised when a SSL connection could not be
+ negotiated.
+ """
+ reason = N_("SSL negotiation error")
+
+
 class DDNSServiceUnavailableError(DDNSNetworkError):
 """
 Equivalent to HTTP error code 503.
diff --git a/src/ddns/system.py b/src/ddns/system.py
index 6a21af8..0d90ce6 100644
--- a/src/ddns/system.py
+++ b/src/ddns/system.py
@@ -21,6 +21,7 @@
 import base64
 import re
+import ssl
 import socket
 import urllib
 import urllib2
@@ -199,6 +200,16 @@ class DDNSSystem(object):
 except urllib2.URLError, e:
 if e.reason:
+ # Handle SSL errors
+ if isinstance(e.reason, ssl.SSLError):
+ e = e.reason
+
+ if e.reason == "CERTIFICATE_VERIFY_FAILED":
+ raise DDNSCertificateError
+
+ # Raise all other SSL errors
+ raise DDNSSSLError(e.reason)
+
 # Name or service not known
 if e.reason.errno == -2:
 raise DDNSResolveError
--
2.39.2
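Review bot: The two new docstrings in errors.py do not say why DDNSCertificateError derives from DDNSError while DDNSSSLError (second hunk of this file) derives from DDNSNetworkError, although per the commit message that choice decides whether the client tries again or holds back future updates. I would record it in the docstrings, for example `Deliberately not a DDNSNetworkError: a failed certificate check must not be retried right away.` on DDNSCertificateError and `Treated as a network error, so the update is tried again.` on DDNSSSLError. The retry logic itself is not visible in this diff, so the wording should be checked against it; without such a note a later refactor could move the certificate error under DDNSNetworkError and quietly turn a verification failure into an ordinary retry.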
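Review bot: Only a chain-verification failure is mapped to DDNSCertificateError in the last hunk of system.py; a certificate that verifies but does not match the host name raises ssl.CertificateError, which on Python 2.7.9+ derives from ValueError and so presumably never arrives here as a `urllib2.URLError` carrying an `ssl.SSLError`. The enclosing try starts outside the hunk, so I cannot see whether another clause covers that case; if none does, add `except ssl.CertificateError:` with `raise DDNSCertificateError` next to this handler so that a host name mismatch is held back like any other invalid certificate. Both `ssl.SSLError.reason` and `ssl.CertificateError` exist only from Python 2.7.9 on, which is worth stating in a comment such as `# requires Python >= 2.7.9 (ssl.SSLError.reason)`. As a matter of style, `e = e.reason` rebinds the caught exception, which makes the later `e.reason.errno` checks harder to follow; a separate name such as `ssl_err = e.reason` would read better.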