Mercurial > hg

changeset 18885:cf1304fbc184

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
smtp: add the class to verify the certificate of the SMTP server for STARTTLS Original "smtplib.SMTP" has no route to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. This causes that "getpeercert()" on SSL socket returns empty dict, so the peer certificate for STARTTLS can't be verified. This patch introduces the "STARTTLS" class derived from "smtplib.SMTP" to pass "ca_certs" and "cert_reqs" arguments to underlying SSL socket creation. Almost all code of "starttls()" in this class is imported from "smtplib.SMTP" of Python 2.7.3, but it differs from original code in points below: - "self.ehlo_or_helo_if_needed()" invocation is omitted, because: - "ehlo_or_helo_if_needed()" is available with Python 2.6 or later, and - "ehlo()" is explicitly invoked in "mercurial.mail._smtp()" - "if not _have_ssl:" check is omitted, because: - "_have_ssl" is available with Python 2.6 or later, and - same checking is done in "mercurial.sslutil.ssl_wrap_socket()" - "ssl.wrap_socket()" is replaced by "sslutil.ssl_wrap_socket()" for compatibility between Python versions - use "sock.recv()" also as "sock.read()", if "sock" doesn't have "read()" method with Python 2.5.x or earlier, "sslutil.ssl_wrap_socket()" returns "httplib.FakeSocket"-ed object, and it doesn't have "read()" method, which is invoked via "smtplib.SSLFakeFile".
author FUJIWARA Katsunori <foozy@lares.dti.ne.jp>
date Tue, 26 Mar 2013 02:27:23 +0900
parents 0615b22da148
children 14a60a0f7122
files mercurial/mail.py
diffstat 1 files changed, 28 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mercurial/mail.py	Sun Apr 07 23:25:50 2013 -0700
+++ b/mercurial/mail.py	Tue Mar 26 02:27:23 2013 +0900
@@ -6,7 +6,7 @@
 # GNU General Public License version 2 or any later version.
 
 from i18n import _
-import util, encoding
+import util, encoding, sslutil
 import os, smtplib, socket, quopri, time
 import email.Header, email.MIMEText, email.Utils
 
@@ -30,6 +30,33 @@
 
 email.Header.Header.__dict__['__init__'] = _unifiedheaderinit
 
+class STARTTLS(smtplib.SMTP):
+    '''Derived class to verify the peer certificate for STARTTLS.
+
+    This class allows to pass any keyword arguments to SSL socket creation.
+    '''
+    def __init__(self, sslkwargs, **kwargs):
+        smtplib.SMTP.__init__(self, **kwargs)
+        self._sslkwargs = sslkwargs
+
+    def starttls(self, keyfile=None, certfile=None):
+        if not self.has_extn("starttls"):
+            msg = "STARTTLS extension not supported by server"
+            raise smtplib.SMTPException(msg)
+        (resp, reply) = self.docmd("STARTTLS")
+        if resp == 220:
+            self.sock = sslutil.ssl_wrap_socket(self.sock, keyfile, certfile,
+                                                **self._sslkwargs)
+            if not util.safehasattr(self.sock, "read"):
+                # using httplib.FakeSocket with Python 2.5.x or earlier
+                self.sock.read = self.sock.recv
+            self.file = smtplib.SSLFakeFile(self.sock)
+            self.helo_resp = None
+            self.ehlo_resp = None
+            self.esmtp_features = {}
+            self.does_esmtp = 0
+        return (resp, reply)
+
 def _smtp(ui):
     '''build an smtp connection and return a function to send mail'''
     local_hostname = ui.config('smtp', 'local_hostname')