From f04e2b87aeb6f166283fd1d26b2d6cfcc4b40906 Mon Sep 17 00:00:00 2001 From: Steve Kemp Date: Wed, 13 Jul 2016 12:46:20 +0300 Subject: Retry SSL checks on negotiation failure. This prevents an endless loop. --- debian/changelog | 6 ++++++ lib/custodian/protocoltest/ssl.rb | 2 ++ 2 files changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 3d4c843..4ea9fbc 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +custodian (0.29) stable; urgency=low + + * Correctly handle retries on SSL negotiation failures. + + -- Steve Kemp Wed, 13 Jul 2016 12:44:21 +0100 + custodian (0.28) stable; urgency=low * Added TFTP protocol tester. diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb index 170a6f0..536879e 100644 --- a/lib/custodian/protocoltest/ssl.rb +++ b/lib/custodian/protocoltest/ssl.rb @@ -173,8 +173,10 @@ class SSLCheck end rescue OpenSSL::SSL::SSLError => err unless retried + # # retry with a different context # + retried = true ctx = OpenSSL::SSL::SSLContext.new(:SSLv3_client) retry end -- cgit v1.2.1