tag 926900 patch
thanks
The attached patch fixes the issue for me
Le 26/01/24 à 10:38, Laurent Bigonville a écrit :
When looking at the documentation of smtplib (the python library used
here), it says:
An SMTP_SSL instance behaves exactly the same as instances of SMTP.
SMTP_SSL*should be used for situations where SSL is required from the
beginning of the connection and using starttls() is not appropriate*.
If host is not specified, the local host is used. If port is zero, the standard
SMTP-over-SSL port (465) is used.
So that means that SMTP_SSL is used for connections where SSL is
present from the start and not when STARTTLS is used to upgrade the
connection to a secure one.
The documentation of reportbug says: smtptls: Enables TLS encryption
for the SMTP connection, using STARTTLS. This setting is ignored if
you connect to port 465, in which case SSL/TLS will always be used.
So either the documentation is wrong, of the code is.
The following python code works:
>>> smtp = smtplib.SMTP('mail-submit.debian.org',587)
>>> smtp.ehlo()
(250, b'stravinsky.debian.org Hello eriador.bigon.be
[2a02:a03f:65c5:3301:a912:aba9:d92d:4965]\nSIZE
104857600\n8BITMIME\nCHUNKING\nSTARTTLS\nSMTPUTF8\nHELP')
>>> smtp.starttls()
(220, b'TLS go ahead')
>>> smtp.quit()
(221, b'stravinsky.debian.org closing connection')
>>>
While this is not:
>>> smtplib.SMTP_SSL('mail-submit.debian.org',587)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.11/smtplib.py", line 1050, in __init__
SMTP.__init__(self, host, port, local_hostname, timeout,
File "/usr/lib/python3.11/smtplib.py", line 255, in __init__
(code, msg) = self.connect(host, port)
^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/smtplib.py", line 341, in connect
self.sock = self._get_socket(host, port, self.timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/smtplib.py", line 1057, in _get_socket
new_socket = self.context.wrap_socket(new_socket,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/ssl.py", line 517, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.11/ssl.py", line 1108, in _create
self.do_handshake()
File "/usr/lib/python3.11/ssl.py", line 1383, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1006)
>>>
From 19b99e6c66c5febbcf590846cf29f824bc1c1440 Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bi...@debian.org>
Date: Fri, 26 Jan 2024 13:56:09 +0100
Subject: [PATCH] Fix issue when sending mails using SSL/STARTTLS
The hostname passed to smtplib should not contain the port, this
hostname is used to verify the SSL certificate.
Closes: #926900
---
reportbug/submit.py | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/reportbug/submit.py b/reportbug/submit.py
index 0daaad4..94a30bf 100644
--- a/reportbug/submit.py
+++ b/reportbug/submit.py
@@ -446,6 +446,11 @@ def send_report(body, attachments, mua, fromaddr, sendto, ccaddr, bccaddr,
tryagain = True
refused = None
retry = 0
+ _smtphost = smtphost.split(':')[0]
+ try:
+ smtpport = smtphost.split(':')[1]
+ except IndexError:
+ smtpport = 25
while tryagain:
tryagain = False
ewrite("Connecting to %s via SMTP...\n", smtphost)
@@ -453,14 +458,14 @@ def send_report(body, attachments, mua, fromaddr, sendto, ccaddr, bccaddr,
conn = None
# if we're using reportbug.debian.org, send mail to
# submit
- if smtphost.lower() == 'reportbug.debian.org':
- conn = smtplib.SMTP(smtphost, 587)
- elif smtphost.endswith(':465'):
+ if _smtphost.lower() == 'reportbug.debian.org':
+ conn = smtplib.SMTP(_smtphost, 587)
+ elif smtpport == 465:
# ignore smtptls setting since port 465 implies SSL
smtptls = None
- conn = smtplib.SMTP_SSL(smtphost)
+ conn = smtplib.SMTP_SSL(_smtphost, 465)
else:
- conn = smtplib.SMTP(smtphost)
+ conn = smtplib.SMTP(_smtphost, smtpport)
response = conn.ehlo()
if not (200 <= response[0] <= 299):
conn.helo()
--
2.43.0
