ssl error no retry

sdk/client.go

@@ -584,7 +584,7 @@ func (client *Client) DoActionWithSigner(request requests.AcsRequest, response r
 			}
 		}
 		//  if status code >= 500 or timeout, will trigger retry
-		if client.config.AutoRetry && (err != nil || isServerError(httpResponse)) {
+		if client.config.AutoRetry && (err != nil || isServerError(httpResponse)) && !isCertificateError(err) {
 			client.setTimeout(request)
 			// rewrite signatureNonce and signature
 			httpRequest, err = client.buildRequestWithSigner(request, signer)
@@ -609,6 +609,13 @@ func (client *Client) DoActionWithSigner(request requests.AcsRequest, response r
 	return
 }
 
+func isCertificateError(err error) bool {
+	if err != nil && strings.Contains(err.Error(), "x509: certificate signed by unknown authority") {
+		return true
+	}
+	return false
+}
+
 func putMsgToMap(fieldMap map[string]string, request *http.Request) {
 	fieldMap["{host}"] = request.Host
 	fieldMap["{method}"] = request.Method

sdk/client_test.go

@@ -16,6 +16,7 @@ package sdk
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -314,6 +315,16 @@ func Test_DoAction_HTTPSInsecure(t *testing.T) {
 	assert.Equal(t, url.Scheme, "https")
 	assert.Equal(t, url.Host, "127.0.0.1:6666")
 
+	hookDo = func(fn func(req *http.Request) (*http.Response, error)) func(req *http.Request) (*http.Response, error) {
+		return func(req *http.Request) (*http.Response, error) {
+			return mockResponse(400, "", errors.New("x509: certificate signed by unknown authority"))
+		}
+	}
+	err = client.DoAction(request, response)
+	assert.NotNil(t, err)
+	assert.Equal(t, 400, response.GetHttpStatus())
+	assert.Equal(t, "", response.GetHttpContentString())
+
 	client.Shutdown()
 	os.Setenv("HTTPS_PROXY", envHttpsProxy)
 	os.Setenv("HTTP_PROXY", envHttpProxy)