From b2a9b334becf5a155d5853a6a228b15689400b8e Mon Sep 17 00:00:00 2001 From: Osma Ahvenlampi Date: Wed, 12 Jul 2023 18:51:08 +0300 Subject: [PATCH] Resubmit: Be quieter about remote hosts with invalid SSL certs (#595) --- core/signatures.py | 5 +++++ users/models/domain.py | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/core/signatures.py b/core/signatures.py index 6db4507..5b3c96f 100644 --- a/core/signatures.py +++ b/core/signatures.py @@ -1,5 +1,6 @@ import base64 import json +from ssl import SSLCertVerificationError, SSLError from typing import Literal, TypedDict, cast from urllib.parse import urlparse @@ -249,6 +250,10 @@ class HttpSignature: content=body_bytes, follow_redirects=method == "get", ) + except SSLError as invalid_cert: + # Not our problem if the other end doesn't have proper SSL + print(f"{uri} {invalid_cert}") + raise SSLCertVerificationError(invalid_cert) from invalid_cert except InvalidCodepoint as ex: # Convert to a more generic error we handle raise httpx.HTTPError(f"InvalidCodepoint: {str(ex)}") from None diff --git a/users/models/domain.py b/users/models/domain.py index a3ca0e1..99608bd 100644 --- a/users/models/domain.py +++ b/users/models/domain.py @@ -175,7 +175,7 @@ class Domain(StatorModel): ) except httpx.HTTPError: pass - except ssl.SSLCertVerificationError: + except (ssl.SSLCertVerificationError, ssl.SSLError): return None else: try: