#2753 drop PyOpenSSL usage
Merged 3 years ago by tkopecek. Opened 3 years ago by tkopecek.
tkopecek/koji issue2752  into  master

file modified
-2
@@ -119,7 +119,6 @@ 

  %else

  Requires: rpm-python

  %endif

- Requires: pyOpenSSL

  Requires: python-requests

  Requires: python-requests-gssapi

  Requires: python-dateutil
@@ -139,7 +138,6 @@ 

  %else

  Requires: rpm-python%{python3_pkgversion}

  %endif

- Requires: python%{python3_pkgversion}-pyOpenSSL

  Requires: python%{python3_pkgversion}-requests

  %if 0%{?fedora} >= 32 || 0%{?rhel} >= 8

  Requires: python%{python3_pkgversion}-requests-gssapi > 1.2.1

file modified
+1 -50
@@ -68,15 +68,6 @@ 

  __version__ = _version.__version__

  __version_info__ = _version.__version_info__

  

- SSL_Error = None

- try:

-     from OpenSSL.SSL import Error as SSL_Error

- except Exception:  # pragma: no cover

-     # the hub imports koji, and sometimes this import fails there

-     # see: https://cryptography.io/en/latest/faq/#starting-cryptography-using-mod-wsgi-produces-an-internalerror-during-a-call-in-register-osrandom-engine  # noqa: E501

-     # unfortunately the workaround at the above link does not always work, so

-     # we ignore it here

-     pass

  try:

      import requests_gssapi as reqgssapi

  except ImportError:  # pragma: no cover
@@ -2275,46 +2266,6 @@ 

      return False

  

  

- def is_cert_error(e):

-     """Determine if an OpenSSL error is due to a bad cert"""

- 

-     if SSL_Error is None:  # pragma: no cover

-         # import failed, so we can't determine

-         raise Exception("OpenSSL library did not load")

-     if not isinstance(e, SSL_Error):

-         return False

- 

-     # pyOpenSSL doesn't use different exception

-     # subclasses, we have to actually parse the args

-     for arg in e.args:

-         # First, check to see if 'arg' is iterable because

-         # it can be anything..

-         try:

-             iter(arg)

-         except TypeError:

-             continue

- 

-         # We do all this so that we can detect cert expiry

-         # so we can avoid retrying those over and over.

-         for items in arg:

-             try:

-                 iter(items)

-             except TypeError:

-                 continue

- 

-             if len(items) != 3:

-                 continue

- 

-             _, _, ssl_reason = items

- 

-             if ('certificate revoked' in ssl_reason or

-                     'certificate expired' in ssl_reason):

-                 return True

- 

-     # otherwise

-     return False

- 

- 

  def is_conn_error(e):

      """Determine if an error seems to be from a dropped connection"""

      # This is intended for the case where e is a socket error.
@@ -2806,7 +2757,7 @@ 

                      tb_str = ''.join(traceback.format_exception(*sys.exc_info()))

                      self.new_session()

  

-                     if is_cert_error(e) or is_requests_cert_error(e):

+                     if is_requests_cert_error(e):

                          # There's no point in retrying for this

                          raise
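Review bot: The fail-fast branch at `if is_requests_cert_error(e):` now depends on a single helper whose body is outside this hunk, and nothing visible here confirms that it matches the 'certificate revoked' and 'certificate expired' reasons the removed is_cert_error looked for. A unit test asserting that is_requests_cert_error returns True for both reasons would back the description's claim of equal sensitivity, so a bad client certificate is still raised immediately rather than retried. The comment above `raise` could also name what is being skipped, for example `# certificate errors (expired/revoked) cannot succeed on retry`. The enclosing retry loop starts and ends outside the hunk.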

  

file modified
-1
@@ -11,7 +11,6 @@ 

  

      requires = [

          'python-dateutil',

-         'pyOpenSSL',

          'requests',

          'requests-gssapi',

          'six',

file modified
-11
@@ -36,17 +36,6 @@ 

  import koji.tasks

  

  

- class NoSuchException(Exception):

-     pass

- 

- 

- try:

-     # pyOpenSSL might not be around

-     from OpenSSL.SSL import Error as SSL_Error

- except Exception:

-     SSL_Error = NoSuchException

- 

- 

  themeInfo = {}

  themeCache = {}

  

We replaced pyOpenSSL with the requests library some time ago. This code has
no better sensitivity than the requests error checking, so we can drop it
completely.

Fixes: https://pagure.io/koji/issue/2752

Metadata Update from @tkopecek:
- Pull-request tagged with: testing-ready

3 years ago

I have not tested this, but it looks sane

Metadata Update from @jobrauer:
- Pull-request tagged with: testing-done

3 years ago

My only (slight) concern here is removing the is_cert_error() function from the lib. However, I think it is ok. While the function isn't specifically marked as private, it is definitely not meant to be used directly by clients, and I don't believe any do. A web search for "is_cert_error" only pulls up koji and a couple clearly unrelated items.

So, :thumbsup:

Commit b5c8d41 fixes this pull-request

Pull-Request has been merged by tkopecek

3 years ago