Resubmit: Be quieter about remote hosts with invalid SSL certs (#595)

core/signatures.py

@@ -1,5 +1,6 @@
 import base64
 import json
+from ssl import SSLCertVerificationError, SSLError
 from typing import Literal, TypedDict, cast
 from urllib.parse import urlparse
 
@@ -249,6 +250,10 @@ class HttpSignature:
                     content=body_bytes,
                     follow_redirects=method == "get",
                 )
+            except SSLError as invalid_cert:
+                # Not our problem if the other end doesn't have proper SSL
+                print(f"{uri} {invalid_cert}")
+                raise SSLCertVerificationError(invalid_cert) from invalid_cert
             except InvalidCodepoint as ex:
                 # Convert to a more generic error we handle
                 raise httpx.HTTPError(f"InvalidCodepoint: {str(ex)}") from None

users/models/domain.py

@@ -175,7 +175,7 @@ class Domain(StatorModel):
                 )
             except httpx.HTTPError:
                 pass
-            except ssl.SSLCertVerificationError:
+            except (ssl.SSLCertVerificationError, ssl.SSLError):
                 return None
             else:
                 try: