retry logic bypassed for SSLError even in --insecure mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-swiftclient |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Swift Client should allow _retry() to continue if there's an SSLError in --insecure mode.
The existing code throws an exception instead of continuing to the next
retry. That may be the proper thing to do for a CertificateError, but SSLError
can also be raised on a connection reset (which should be retried).
The existing logic is very problematic when uploading a large file with many
segments. If one segment has a connection reset, the code will stop attempting
to upload that segment, but swiftclient will wait for the rest of the segments
to complete before getting the results of all the futures and refusing to
create the manifest.
Ideally, the exception handling would be further improved to only "raise" a
CertificateError.
Alternatively, the segment should be retried when in --insecure mode. That way there will be a reliable way to upload large files when Certificate Validity is not in question.
diff --git a/swiftclient/ client. py b/swiftclient/ client. py client. py client. py
service_ token=self. service_ token, **kwargs)
self. _add_response_ dict(caller_ response_ dict, kwargs)
return rv warning( 'caught SSLError: ' + err)
self. _add_response_ dict(caller_ response_ dict, kwargs)
index 21cbe27..d48798d 100644
--- a/swiftclient/
+++ b/swiftclient/
@@ -1673,8 +1673,12 @@ class Connection(object):
- except SSLError:
- raise
+ except SSLError as err:
+ if self.insecure is True:
+ logger.
+ pass
+ else:
+ raise
except (socket.error, RequestException):
if self.attempts > self.retries: