Resubmit: Be quieter about remote hosts with invalid SSL certs (#595)

2024-11-21 23:01:00 +00:00 · 2023-07-12 18:51:08 +03:00 · 2023-07-12 18:51:08 +03:00 · b2a9b334be
commit b2a9b334be
parent 5549d21528
2 changed files with 6 additions and 1 deletions
--- a/core/signatures.py
+++ b/core/signatures.py
@ -1,5 +1,6 @@
 import base64
 import json
+from ssl import SSLCertVerificationError, SSLError
 from typing import Literal, TypedDict, cast
 from urllib.parse import urlparse

@ -249,6 +250,10 @@ class HttpSignature:
                    content=body_bytes,
                    follow_redirects=method == "get",
                )
+            except SSLError as invalid_cert:
+                # Not our problem if the other end doesn't have proper SSL
+                print(f"{uri} {invalid_cert}")
+                raise SSLCertVerificationError(invalid_cert) from invalid_cert
            except InvalidCodepoint as ex:
                # Convert to a more generic error we handle
                raise httpx.HTTPError(f"InvalidCodepoint: {str(ex)}") from None
--- a/users/models/domain.py
+++ b/users/models/domain.py
@ -175,7 +175,7 @@ class Domain(StatorModel):
                )
            except httpx.HTTPError:
                pass
-            except ssl.SSLCertVerificationError:
+            except (ssl.SSLCertVerificationError, ssl.SSLError):
                return None
            else:
                try: