Mercurial > public > mercurial-scm > hg
comparison mercurial/mail.py @ 29285:63a3749147af
mail: unsupport smtp.verifycert (BC)
smtp.verifycert was accidentally broken by cca59ef27e60. And,
I believe the "loose" value has been broken for longer than that.
The current code refuses to talk to a remote server unless the
CA is trusted or the fingerprint is validated. In other words,
we lost the ability for smtp.verifycert to lower/disable security.
There are special considerations for smtp.verifycert in
sslutil.validatesocket() (the "strict" argument). This violates
the direction sslutil is evolving towards, which has all security
options determined at wrapsocket() time and a unified code path and
configs for determining security options.
Since smtp.verifycert is broken and since we'll soon have new
security defaults and new mechanisms for controlling host security,
this patch formally deprecates smtp.verifycert. With this patch,
the socket security code in mail.py now effectively mirrors code
in url.py and other places we're doing socket security.
For the record, removing smtp.verifycert because it was accidentally
broken is a poor excuse to remove it. However, I would have done this
anyway because smtp.verifycert is a one-off likely used by few people
(users of the patchbomb extension) and I don't think the existence
of this seldom-used one-off in security code can be justified,
especially when you consider that better mechanisms are right around
the corner.
| author | Gregory Szorc <gregory.szorc@gmail.com> |
|---|---|
| date | Sat, 04 Jun 2016 11:13:28 -0700 |
| parents | 31acc78c632a |
| children | 87b8e40eb812 |
comparison
equal
deleted
inserted
replaced
| 29284:1c7167009936 | 29285:63a3749147af |
|---|---|
| 104 if (starttls or smtps) and not util.safehasattr(socket, 'ssl'): | 104 if (starttls or smtps) and not util.safehasattr(socket, 'ssl'): |
| 105 raise error.Abort(_("can't use TLS: Python SSL support not installed")) | 105 raise error.Abort(_("can't use TLS: Python SSL support not installed")) |
| 106 mailhost = ui.config('smtp', 'host') | 106 mailhost = ui.config('smtp', 'host') |
| 107 if not mailhost: | 107 if not mailhost: |
| 108 raise error.Abort(_('smtp.host not configured - cannot send mail')) | 108 raise error.Abort(_('smtp.host not configured - cannot send mail')) |
| 109 verifycert = ui.config('smtp', 'verifycert', 'strict') | |
| 110 if verifycert not in ['strict', 'loose']: | |
| 111 if util.parsebool(verifycert) is not False: | |
| 112 raise error.Abort(_('invalid smtp.verifycert configuration: %s') | |
| 113 % (verifycert)) | |
| 114 verifycert = False | |
| 115 | |
| 116 if smtps: | 109 if smtps: |
| 117 ui.note(_('(using smtps)\n')) | 110 ui.note(_('(using smtps)\n')) |
| 118 s = SMTPS(ui, local_hostname=local_hostname, host=mailhost) | 111 s = SMTPS(ui, local_hostname=local_hostname, host=mailhost) |
| 119 elif starttls: | 112 elif starttls: |
| 120 s = STARTTLS(ui, local_hostname=local_hostname, host=mailhost) | 113 s = STARTTLS(ui, local_hostname=local_hostname, host=mailhost) |
| 131 if starttls: | 124 if starttls: |
| 132 ui.note(_('(using starttls)\n')) | 125 ui.note(_('(using starttls)\n')) |
| 133 s.ehlo() | 126 s.ehlo() |
| 134 s.starttls() | 127 s.starttls() |
| 135 s.ehlo() | 128 s.ehlo() |
| 136 if (starttls or smtps) and verifycert: | 129 if starttls or smtps: |
| 137 ui.note(_('(verifying remote certificate)\n')) | 130 ui.note(_('(verifying remote certificate)\n')) |
| 138 sslutil.validatesocket(s.sock, verifycert == 'strict') | 131 sslutil.validatesocket(s.sock) |
| 139 username = ui.config('smtp', 'username') | 132 username = ui.config('smtp', 'username') |
| 140 password = ui.config('smtp', 'password') | 133 password = ui.config('smtp', 'password') |
| 141 if username and not password: | 134 if username and not password: |
| 142 password = ui.getpass() | 135 password = ui.getpass() |
| 143 if username and password: | 136 if username and password: |