Properly catch SSL errors. When a connection could not be established, the ddns client will try again. If an invalid certificate is presented, future updates are held back for the usual time.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
---
 src/ddns/errors.py | 15 +++++++++++++++
 src/ddns/system.py | 11 +++++++++++
 2 files changed, 26 insertions(+)
diff --git a/src/ddns/errors.py b/src/ddns/errors.py
index 58928f3..637cf59 100644
--- a/src/ddns/errors.py
+++ b/src/ddns/errors.py
@@ -64,6 +64,13 @@ class DDNSBlockedError(DDNSError):
 reason = N_("The server denies any updates from this client")
+class DDNSCertificateError(DDNSError):
+ """
+ Thrown when a server presented an invalid certificate.
+ """
+ reason = N_("Invalid certificate")
+
+
 class DDNSConfigurationError(DDNSError):
 """
 Thrown when invalid or insufficient
@@ -125,6 +132,14 @@ class DDNSResolveError(DDNSNetworkError):
 reason = N_("Could not resolve DNS entry")
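Review bot: The docstring of DDNSCertificateError does not say why it derives from DDNSError while DDNSSSLError (next hunk) derives from DDNSNetworkError, and going by the commit description that difference looks like what decides whether an update is retried or held back. I would state it in both docstrings, e.g. `Thrown when a server presented an invalid certificate. Not a network error, so the update is not retried right away.` and `Raised when a SSL connection could not be negotiated. Treated as a network error, so the update is retried.` The retry handling itself is outside this diff, so the wording should be checked against the caller.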
+class DDNSSSLError(DDNSNetworkError):
+ """
+ Raised when a SSL connection could not be
+ negotiated.
+ """
+ reason = N_("SSL negotiation error")
+
+
 class DDNSServiceUnavailableError(DDNSNetworkError):
 """
 Equivalent to HTTP error code 503.
diff --git a/src/ddns/system.py b/src/ddns/system.py
index 79bf192..832de6b 100644
--- a/src/ddns/system.py
+++ b/src/ddns/system.py
@@ -21,6 +21,7 @@
import base64
 import re
+import ssl
 import socket
 import urllib
 import urllib2
@@ -193,6 +194,16 @@ class DDNSSystem(object):
except urllib2.URLError, e: if e.reason: + # Handle SSL errors + if isinstance(e.reason, ssl.SSLError): + e = e.reason + + if e.reason == "CERTIFICATE_VERIFY_FAILED": + raise DDNSCertificateError + + # Raise all other SSL errors + raise DDNSSSLError(e.reason) + # Name or service not known if e.reason.errno == -2: raise DDNSResolveError
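Review bot: The certificate branch only matches `CERTIFICATE_VERIFY_FAILED`, so a hostname mismatch is probably not mapped to DDNSCertificateError: on Python 2.7 `ssl.CertificateError` derives from ValueError, not `ssl.SSLError`, and as far as I can tell it is not wrapped in `urllib2.URLError` at all. A sibling clause such as `except ssl.CertificateError: raise DDNSCertificateError` would cover it. Inside the new block, `e = e.reason` rebinds the exception and the next line relies on `SSLError.reason`, which Python releases before 2.7.9 do not provide; `reason = getattr(e.reason, "reason", None)` in a separate local is safer. The enclosing try statement starts outside the hunk, and whether certificate verification is enabled for the request cannot be seen here.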