On 09/25/13 12:52 PM, Yiteng Zhang wrote:
Please see the following link. Let me know if there is any problem. Thanks.
Dude, have you actually tried that code?
You are changing the handling of expiring certificates which already doesn't stop execution and will just print out a message.
Right now you changed it in a way that it will actually stop execution if you have one publisher for which the certificate will expire soon. That is even worse than the situation we had before.
What the bug is about is that expired (not expiring) certificates will stop execution after the first ExpiredCertificate exception is raised. However, if you refresh multiple publishers with expired certificates you won't get informed that more than just the first certificate has expired.
What you want to do is change
and instead of raising an ExpiredCertificate exception the first time an expired cert is encountered, you save it to a temporary variable and keep going.
After you're through with all the publishers check if any had an expired cert, then raise the exception with information about all the expired certs.
You could create a new exception class for it:
self.errors = 
Then put all the ExpiredCertificate exceptions in the errors list to save their content. In the client you can then go through this list and print the appropriate errors in one block.
[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e