python-swiftclient

retry logic bypassed for SSLError even in --insecure mode

Bug #1641363 reported by Jason Wells on 2016-11-12

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	python-swiftclient	Fix Released	Undecided	Unassigned

Bug Description

Swift Client should allow _retry() to continue if there's an SSLError in --insecure mode.

The existing code throws an exception instead of continuing to the next
retry. That may be the proper thing to do for a CertificateError, but SSLError
can also be raised on a connection reset (which should be retried).

The existing logic is very problematic when uploading a large file with many
segments. If one segment has a connection reset, the code will stop attempting
to upload that segment, but swiftclient will wait for the rest of the segments
to complete before getting the results of all the futures and refusing to
create the manifest.

Ideally, the exception handling would be further improved to only "raise" a
CertificateError.

Alternatively, the segment should be retried when in --insecure mode. That way there will be a reliable way to upload large files when Certificate Validity is not in question.

Revision history for this message

Jason Wells (two-tired) wrote on 2016-11-12:

diff --git a/swiftclient/client.py b/swiftclient/client.py
index 21cbe27..d48798d 100644
--- a/swiftclient/client.py
+++ b/swiftclient/client.py
@@ -1673,8 +1673,12 @@ class Connection(object):
                           service_token=self.service_token, **kwargs)
                 self._add_response_dict(caller_response_dict, kwargs)
                 return rv
- except SSLError:
- raise
+ except SSLError as err:
+ if self.insecure is True:
+ logger.warning('caught SSLError: ' + err)
+ pass
+ else:
+ raise
             except (socket.error, RequestException):
                 self._add_response_dict(caller_response_dict, kwargs)
                 if self.attempts > self.retries:

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-03-17: Fix proposed to python-swiftclient (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/python-swiftclient/+/877843

Changed in python-swiftclient:
status:	New → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-03-21: Fix merged to python-swiftclient (master)

Reviewed: https://review.opendev.org/c/openstack/python-swiftclient/+/877843
Committed: https://opendev.org/openstack/python-swiftclient/commit/099dd66265dfdc94e162eba4c1ec3a33b305bc26
Submitter: "Zuul (22348)"
Branch: master

commit 099dd66265dfdc94e162eba4c1ec3a33b305bc26
Author: Tim Burke <email address hidden>
Date: Fri Mar 17 16:14:15 2023 -0700

Retry on SSLError

...provided it isn't something to do with certification validation.

    Closes-Bug: #1641363
    Closes-Bug: #2011731
    Change-Id: Ic3acbf431e444fcd8bc0fe79571fe2db4140cf22

Changed in python-swiftclient:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-04-05: Fix included in openstack/python-swiftclient 4.3.0

This issue was fixed in the openstack/python-swiftclient 4.3.0 release.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.