From f04e2b87aeb6f166283fd1d26b2d6cfcc4b40906 Mon Sep 17 00:00:00 2001
From: Steve Kemp <steve@steve.org.uk>
Date: Wed, 13 Jul 2016 12:46:20 +0300
Subject: Retry SSL checks on negotiation failure.

This prevents an endless loop.
---
 debian/changelog                  | 6 ++++++
 lib/custodian/protocoltest/ssl.rb | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 3d4c843..4ea9fbc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+custodian (0.29) stable; urgency=low
+
+  * Correctly handle retries on SSL negotiation failures.
+
+ -- Steve Kemp <steve@bytemark.co.uk>  Wed, 13 Jul 2016 12:44:21 +0100
+
 custodian (0.28) stable; urgency=low
 
   * Added TFTP protocol tester.
diff --git a/lib/custodian/protocoltest/ssl.rb b/lib/custodian/protocoltest/ssl.rb
index 170a6f0..536879e 100644
--- a/lib/custodian/protocoltest/ssl.rb
+++ b/lib/custodian/protocoltest/ssl.rb
@@ -173,8 +173,10 @@ class SSLCheck
       end
     rescue OpenSSL::SSL::SSLError => err
       unless retried
+        #
         # retry with a different context
         #
+        retried = true
         ctx = OpenSSL::SSL::SSLContext.new(:SSLv3_client)
         retry
       end
-- 
cgit v1.2.1