DaveWysochanskiRH
commented
1 year ago I looked into catching ssl.CertificateError but I could not make that work at all, so opted for the more generic SSLError.
I was also looking at ways to remove the FALLBACK_SERVER completely - maybe we change this to a config variable "DEFAULT_SERVER" or something like that, and then pick a default. I don't mind having that set on all the production systems. For our production systems we don't need the FALLBACK_SERVER and IMO it's not ideal for us. As I recall the whole "FALLBACK_SERVER" idea was a tradeoff between two users who each wanted a different default server if none was given. I think it's a different patch but was wondering what others thoughts were on it, if any.
It's not uncommon in production to have a certificate expire, and when that happens we use the FAILBACK_SERVER, but this is unlikely to be what the user wants.
This patch catches the error and gives the user possible next steps to avoid the error, similar to earlier commit cf85a18c1b29.
Signed-off-by: Dave Wysochanski dwysocha@redhat.com