From bc39552009aea392e5ccd990a3fe27aaad83605b Mon Sep 17 00:00:00 2001
From: ValdikSS <iam@valdikss.org.ru>
Date: Sat, 3 Jun 2017 21:15:35 +0300
Subject: [PATCH] Final fix for all HTTPS check problems. I promise. No
 false-posivides now.

We handled SSLErrors as certificate masquerading errors, which is not always true.
For now we still search 'CERTIFICATE_VERIFY_FAILED' in SSLError exception
for compatibility with older Python versions.
---
 blockcheck.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/blockcheck.py b/blockcheck.py
index d4a559d..55e72f0 100755
--- a/blockcheck.py
+++ b/blockcheck.py
@@ -301,11 +301,13 @@ def http_error_302(self, req, fp, code, msg, headers):
             (':' in ip if ip else False) else 'IPv4'))
         try:
             conn.connect((ip if ip else host, 443))
-        except (ssl.CertificateError, ssl.SSLError) as e:
+        except (ssl.CertificateError) as e:
             print_debug("_get_url: ssl.CertificateError", repr(e))
             return (-1, '')
-        except (socket.timeout, socket.error) as e:
+        except (ssl.SSLError, socket.timeout, socket.error) as e:
             print_debug("_get_url: socket exception", repr(e))
+            if 'CERTIFICATE_VERIFY_FAILED' in str(e):
+                return (-1, '')
             return (0, '')
         finally:
             try:
@@ -351,10 +353,10 @@ def http_error_302(self, req, fp, code, msg, headers):
         if (headers):
             output = str(opened.headers) + output
         opened.close()
-    except (ssl.CertificateError, ssl.SSLError) as e:
+    except (ssl.CertificateError) as e:
         print_debug("_get_url: late ssl.CertificateError", repr(e))
         return (-1, '')
-    except (urllib.error.URLError, socket.error, socket.timeout) as e:
+    except (urllib.error.URLError, ssl.SSLError, socket.error, socket.timeout) as e:
         print_debug("_get_url: late socket exception", repr(e))
         if 'CERTIFICATE_VERIFY_FAILED' in str(e):
             return (-1, '')