[PATCH, applied] fedabipkgdiff: Don't choke Koji servers with self-signed SSL certs

[PATCH, applied] fedabipkgdiff: Don't choke Koji servers with self-signed SSL certs

[Dodji Seketeli]

Hello,

When doing some tests on particular Koji instances, the
Brew::getPackage function was choking because its underlying http
client would could not verify the self-signed SSL certificate used by
the server.

This patch sets the default option of the client so that it avoids
verifying SSL certificates altogether.

	* fedabipkgdiff (Brew::__init__): Se the "no_ssl_verify" option to
	false by default.

Signed-off-by: Dodji Seketeli <dodji@redhat.com>
---
 tools/fedabipkgdiff | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/tools/fedabipkgdiff b/tools/fedabipkgdiff
index e9c211cf..d961c7dd 100755
--- a/tools/fedabipkgdiff
+++ b/tools/fedabipkgdiff
@@ -659,6 +659,10 @@ class Brew(object):
         used to access koji XMLRPC APIs.
         """
         self.session = koji.ClientSession(baseurl)
+        # I am instructing the http client to avoid verifying SSL
+        # certificates by default as some Koji server instance might
+        # use self-signed certficates that can't be easily verified.
+        self.session.opts.setdefault('no_ssl_verify', True)
 
     @log_call
     def listRPMs(self, buildID=None, arches=None, selector=None):
-- 
2.39.3


-- 
		Dodji

Re: [PATCH, applied] fedabipkgdiff: Don't choke Koji servers with self-signed SSL certs

[Dodji Seketeli]

Dodji Seketeli via Libabigail <libabigail@sourceware.org> a écrit:

> Hello,
>
> When doing some tests on particular Koji instances, the
> Brew::getPackage function was choking because its underlying http
> client would could not verify the self-signed SSL certificate used by
> the server.
>
> This patch sets the default option of the client so that it avoids
> verifying SSL certificates altogether.
>
> 	* fedabipkgdiff (Brew::__init__): Se the "no_ssl_verify" option to
> 	false by default.

This patch triggered some errors, unfortunately.

So I've applied this one to fix those.

From 3c68b44ea459e63769f7b498d70472c74727260d Mon Sep 17 00:00:00 2001
From: Dodji Seketeli <dodji@redhat.com>
Date: Thu, 6 Jul 2023 16:03:22 +0200
Subject: [PATCH] fedabipkgdiff: Fix previous commit

In the previous commit, I wrongly assumed that all Brew koji session objects
have a an "opts" attribute.  Fixed thus.

	 * tools/fedabipkgdiff (Brew::__init__): Do not try to access the
	'opts' attribute on sessions that don't have any.

Signed-off-by: Dodji Seketeli <dodji@redhat.com>
---
 tools/fedabipkgdiff | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/tools/fedabipkgdiff b/tools/fedabipkgdiff
index d961c7dd..ca94a3f9 100755
--- a/tools/fedabipkgdiff
+++ b/tools/fedabipkgdiff
@@ -662,7 +662,8 @@ class Brew(object):
         # I am instructing the http client to avoid verifying SSL
         # certificates by default as some Koji server instance might
         # use self-signed certficates that can't be easily verified.
-        self.session.opts.setdefault('no_ssl_verify', True)
+        if (hasattr(self.session, 'opts')):
+            self.session.opts.setdefault('no_ssl_verify', True)
 
     @log_call
     def listRPMs(self, buildID=None, arches=None, selector=None):
-- 
2.39.3



-- 
		Dodji