From 699865de19804eecb71bbaaf8b549d15d4c661ac Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Nov 23 2016 15:52:29 +0000
Subject: Determine if a request error is caused by certificates with requests


Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

---

diff --git a/koji/__init__.py b/koji/__init__.py
index 768574d..57e473b 100644
--- a/koji/__init__.py
+++ b/koji/__init__.py
@@ -1840,6 +1840,24 @@ class PathInfo(object):
 pathinfo = PathInfo()
 
 
+def is_requests_cert_error(e):
+    """Determine if a requests error is due to a bad cert"""
+
+    if requests is None:  #pragma: no cover
+        # We are not using requests, so this is not a requests cert error
+        return False
+    if not isinstance(e, requests.exceptions.SSLError):
+        return False
+
+    # Using str(e) is slightly ugly, but the error stacks in python-requests
+    # are way more ugly.
+    if ('certificate revoked' in str(e) or
+            'certificate expired' in str(e)):
+        return True
+
+    return False
+
+
 def is_cert_error(e):
     """Determine if an OpenSSL error is due to a bad cert"""
 
@@ -2355,7 +2373,7 @@ class ClientSession(object):
                     tb_str = ''.join(traceback.format_exception(*sys.exc_info()))
                     self.new_session()
 
-                    if is_cert_error(e):
+                    if is_cert_error(e) or is_requests_cert_error(e):
                         # There's no point in retrying for this
                         raise