arno/isso
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Python3.4 now uses system's CA to connect to SMTP via TLS

Browse Source
This commit is contained in:
Martin Zimmermann 2014-06-16 19:34:59 +02:00
parent 4a7830a96d
commit f489ae63d6
3 changed files with 14 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
docs/docs/configuration/server.rst
View File

@ -183,9 +183,10 @@ port
security security
use a secure connection to the server, possible values: *none*, *starttls* use a secure connection to the server, possible values: *none*, *starttls*
or *ssl*. Note, that Python does not validate the server's certificate and or *ssl*. Note, that there is no easy way for Python 2.7 and 3.3 to
thus the connection is vulnerable to Man-in-the-Middle attacks. Therefore, implement certification validation and thus the connection is vulnerable to
you should definitely use a dedicated SMTP account for Isso. Man-in-the-Middle attacks. You should definitely use a dedicated SMTP
account for Isso in that case.
to to
recipient address, e.g. your email address recipient address, e.g. your email address

7
isso/ext/notifications.py
View File

@ -2,6 +2,7 @@
from __future__ import unicode_literals from __future__ import unicode_literals
import sys
import io import io
import time import time
import json import json
@ -63,7 +64,11 @@ class SMTP(object):
timeout=self.conf.getint('timeout')) timeout=self.conf.getint('timeout'))
if self.conf.get('security') == 'starttls': if self.conf.get('security') == 'starttls':
self.client.starttls(); if sys.version_info >= (3, 4):
import ssl
self.client.starttls(context=ssl.create_default_context())
else:
self.client.starttls()
if self.conf.get('username') and self.conf.get('password'): if self.conf.get('username') and self.conf.get('password'):
self.client.login(self.conf.get('username'), self.client.login(self.conf.get('username'),

7
share/isso.conf
View File

@ -88,9 +88,10 @@ host = localhost
port = 587 port = 587
# use a secure connection to the server, possible values: none, starttls or # use a secure connection to the server, possible values: none, starttls or
# ssl. Note, that Python does not validate the server's certificate and thus # ssl. Note, that there is no easy way for Python 2.7 and 3.3 to implement
# the connection is vulnerable to Man-in-the-Middle attacks. Therefore, you # certification validation and thus the connection is vulnerable to
# should definitely use a dedicated SMTP account for Isso. # Man-in-the-Middle attacks. You should definitely use a dedicated SMTP account
# for Isso in that case.
security = starttls security = starttls
# recipient address, e.g. your email address # recipient address, e.g. your email address