From 21d6a616641ae1d613e47391e7bcfa178f475390 Mon Sep 17 00:00:00 2001
From: Michal Suchanek <msuchanek@suse.de>
Date: Aug 23 2022 11:52:10 +0000
Subject: MyBS: Avoid lock recursion in certificate check


SUSE::MyBS::new tries to fix up API connection error by setting the SUSE
CA certificate as the SSL trust root.

Check that the error is caused by bad certificate, and don't handle
other errors so that users can see authentication errors correctly.

Also unlock the cookie storage in case the problem is resolved with
using the built-in certificate.

Signed-off-by: Michal Suchanek <msuchanek@suse.de>

---

diff --git a/scripts/lib/SUSE/MyBS.pm b/scripts/lib/SUSE/MyBS.pm
index fa1e3bf..ce9f37d 100644
--- a/scripts/lib/SUSE/MyBS.pm
+++ b/scripts/lib/SUSE/MyBS.pm
@@ -166,13 +166,19 @@ sub new {
 			$self->get("/about");
 		};
 		if ($@) {
-			# Use the canned certificate as a backup
-			# XXX: Check that we really got an unknown cert error
-			(my $pkg = __PACKAGE__) =~ s@::@/@g;
-			$pkg .= ".pm";
-			(my $cert = $INC{$pkg}) =~ s@[^/]*$@@;
-			$cert .= "SUSE_Trust_Root.pem";
-			$self->{ua}->ssl_opts(SSL_ca_file => $cert);
+			my $error = $@;
+			if ($@ =~ /certificate verify failed/) {
+				$self->unlock_cookie();
+				# Use the canned certificate as a backup
+				# XXX: Check that we really got an unknown cert error
+				(my $pkg = __PACKAGE__) =~ s@::@/@g;
+				$pkg .= ".pm";
+				(my $cert = $INC{$pkg}) =~ s@[^/]*$@@;
+				$cert .= "SUSE_Trust_Root.pem";
+				$self->{ua}->ssl_opts(SSL_ca_file => $cert);
+			} else {
+				die $error;
+			}
 		}
 	}
 	return $self;
@@ -264,8 +270,16 @@ sub lock_cookie {
 sub DESTROY {
 	my $self = $_[0];
 
+	$self->unlock_cookie();
+}
+
+sub unlock_cookie {
+	my $self = $_[0];
+
 	if ($self->{lock}) {
 		unlink($lockfile, $self->{cookiefile});
+		$self->{lock} = undef;
+		$self->{cookiefile} = undef;
 	}
 }