Use custom exception type for SSL issues #25

robin-nitrokey · 2023-09-28T09:14:31Z

Currently, we have some awkward code in pynitrokey to dectect self-signed SSL certificates:

        try:
            yield nethsm
        except nethsm_sdk.NetHSMError as e:
            raise click.ClickException(e)
        except urllib3.exceptions.MaxRetryError as e:
            if isinstance(e.reason, urllib3.exceptions.SSLError):
                raise click.ClickException(
                    f"Could not connect to the NetHSM: {e.reason}\nIf you use a self-signed certificate, please set the --no-verify-tls option."
                )
            else:
                raise e

It would be nice if we would not have to assume that urllib3 is used and could just check some NetHSM exception types. The urllib3 exceptions could be wrapped in NetHSMError instances and set a special flag if it is an SSL error, or a new exception could be introduced for SSL errors.

The text was updated successfully, but these errors were encountered:

nponsard self-assigned this Sep 28, 2023

nponsard linked a pull request Sep 28, 2023 that will close this issue

refactor: exception handling #27

Merged

nponsard closed this as completed in #27 Sep 29, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use custom exception type for SSL issues #25

Use custom exception type for SSL issues #25

robin-nitrokey commented Sep 28, 2023

Use custom exception type for SSL issues #25

Use custom exception type for SSL issues #25

Comments

robin-nitrokey commented Sep 28, 2023