Commit 7be0894f authored by Stavros Sachtouris's avatar Stavros Sachtouris Committed by Giorgos Korfiatis
Browse files

On SSL error, fall back to default certificates

Create a decorator "ssl_fall_back" which catches a KamakiSSLError,
patches kamaki with the default certificates bundle and reruns the
failed method.

The decorator is used on the "SyncerSettings._get_pithos_client"
method, because this is the first point of SSL failure.

The default certificates bundle is acquired from the package
"certifi", which has been added to dependencies.
parent b939be51
......@@ -22,7 +22,7 @@ from agkyra.syncer.database import SqliteFileStateDB
from agkyra.syncer.messaging import Messager
from agkyra.syncer import utils
from kamaki.clients import ClientError
from kamaki.clients import ClientError, KamakiSSLError
from kamaki.clients.astakos import AstakosClient
from kamaki.clients.pithos import PithosClient
......@@ -50,6 +50,23 @@ def get_instance(elems):
return utils.hash_string(data)
def ssl_fall_back(method):
"""Catch an SSL error while executing a method, patch kamaki and retry"""
def wrap(self, *args, **kwargs):
return method(self, *args, **kwargs)
except KamakiSSLError as ssle:
logger.debug('Kamaki SSL failed %s' % ssle)
'Kamaki SSL failed, fall back to certifi (mozilla certs)')
import certifi
return method(self, *args, **kwargs)
wrap.__name__ = method.__name__
wrap.__doc__ = method.__doc__
return wrap
class SyncerSettings():
def __init__(self, auth_url, auth_token, container, local_root_path,
*args, **kwargs):
......@@ -155,6 +172,7 @@ class SyncerSettings():
return path
def _get_pithos_client(self, auth_url, token, container):
astakos = AstakosClient(auth_url, token)
......@@ -176,8 +194,8 @@ class SyncerSettings():
except ClientError as e:
if e.status == 404:
logger.warning("Container '%s' does not exist, creating..."
% container)
"Container '%s' does not exist, creating..." % container)
except ClientError:
......@@ -40,6 +40,7 @@ INSTALL_REQUIRES = [
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment