Final fix for all HTTPS check problems. I promise. No false-posivides…

… now. We handled SSLErrors as certificate masquerading errors, which is not always true. For now we still search 'CERTIFICATE_VERIFY_FAILED' in SSLError exception for compatibility with older Python versions.
ValdikSS · Jun 3, 2017 · bc39552 · bc39552
1 parent 61dd722
commit bc39552
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/blockcheck.py b/blockcheck.py
@@ -301,11 +301,13 @@ def http_error_302(self, req, fp, code, msg, headers):
             (':' in ip if ip else False) else 'IPv4'))
         try:
             conn.connect((ip if ip else host, 443))
-        except (ssl.CertificateError, ssl.SSLError) as e:
+        except (ssl.CertificateError) as e:
             print_debug("_get_url: ssl.CertificateError", repr(e))
             return (-1, '')
-        except (socket.timeout, socket.error) as e:
+        except (ssl.SSLError, socket.timeout, socket.error) as e:
             print_debug("_get_url: socket exception", repr(e))
+            if 'CERTIFICATE_VERIFY_FAILED' in str(e):
+                return (-1, '')
             return (0, '')
         finally:
             try:
@@ -351,10 +353,10 @@ def http_error_302(self, req, fp, code, msg, headers):
         if (headers):
             output = str(opened.headers) + output
         opened.close()
-    except (ssl.CertificateError, ssl.SSLError) as e:
+    except (ssl.CertificateError) as e:
         print_debug("_get_url: late ssl.CertificateError", repr(e))
         return (-1, '')
-    except (urllib.error.URLError, socket.error, socket.timeout) as e:
+    except (urllib.error.URLError, ssl.SSLError, socket.error, socket.timeout) as e:
         print_debug("_get_url: late socket exception", repr(e))
         if 'CERTIFICATE_VERIFY_FAILED' in str(e):
             return (-1, '')