changeset e1a40dc38b1c in trytond:6.2 details: https://hg.tryton.org/trytond?cmd=changeset&node=e1a40dc38b1c description: Enforce certificate validation for SMTP connection
issue11564 review417381003 (grafted from 314535925101f45598850d9a8e31145abef9be05) diffstat: CHANGELOG | 2 ++ trytond/sendmail.py | 4 +++- 2 files changed, 5 insertions(+), 1 deletions(-) diffs (37 lines): diff -r 3ca7c00aaf76 -r e1a40dc38b1c CHANGELOG --- a/CHANGELOG Fri Jun 03 19:03:00 2022 +0200 +++ b/CHANGELOG Tue Jun 21 10:16:35 2022 +0200 @@ -1,3 +1,5 @@ +* Enforce certificate validation for SMTP connection (issue11564) + Version 6.2.9 - 2022-06-03 * Bug fixes (see mercurial logs for details) diff -r 3ca7c00aaf76 -r e1a40dc38b1c trytond/sendmail.py --- a/trytond/sendmail.py Fri Jun 03 19:03:00 2022 +0200 +++ b/trytond/sendmail.py Tue Jun 21 10:16:35 2022 +0200 @@ -2,6 +2,7 @@ # this repository contains the full copyright notices and license terms. import logging import smtplib +import ssl from email.message import Message from email.utils import formatdate from email.mime.text import MIMEText @@ -70,6 +71,7 @@ extra[key] = cast.get(key, lambda a: a)(value[0]) if uri.scheme.startswith('smtps'): connector = smtplib.SMTP_SSL + extra['context'] = ssl.create_default_context() else: connector = smtplib.SMTP try: @@ -81,7 +83,7 @@ return if 'tls' in uri.scheme: - server.starttls() + server.starttls(context=ssl.create_default_context()) if uri.username and uri.password: server.login(