Abhilash Raj pushed to branch master at GNU Mailman / Mailman Core


Commits:
98362e01 by Dominic Tubach at 2019-07-17T18:16:34Z
Fix setting hostname verification for SMTP

- - - - -
27876466 by Abhilash Raj at 2019-07-17T18:16:34Z
Merge branch 'fix-smtp-verify-hostname' into 'master'

Fix setting hostname verification for SMTP

See merge request mailman/mailman!533
- - - - -


2 changed files:

- src/mailman/mta/connection.py
- src/mailman/mta/docs/connection.rst


Changes:

=====================================
src/mailman/mta/connection.py
=====================================
@@ -96,15 +96,16 @@ class Connection:
         module.
 
         If either of smtp_pass or smtp_user is omitted, the other will
-        be ignored.  If secure_mode is INSECURE, verify_host and
-        verify_cert will be ignored.
+        be ignored.  If secure_mode is INSECURE, verify_hostname and
+        verify_cert will be ignored. If secure_mode is not INSECURE,
+        verify_hostname will be ignored unless verify_cert is true.
         """
         self._host = host
         self._port = port
         self._sessions_per_connection = sessions_per_connection
         self.secure_mode = secure_mode
         self.verify_cert = verify_cert
-        self.verify_hostname = verify_hostname
+        self.verify_hostname = verify_hostname and verify_cert
         self._username = smtp_user
         self._password = smtp_pass
 
@@ -114,7 +115,7 @@ class Connection:
             self._tls_context = None
         else:
             self._tls_context = self._get_tls_context(self.verify_cert,
-                                                      self.verify_cert)
+                                                      self.verify_hostname)
 
     def sendmail(self, envsender, recipients, msgtext):
         """Mimic `smtplib.SMTP.sendmail`."""


=====================================
src/mailman/mta/docs/connection.rst
=====================================
@@ -126,7 +126,8 @@ The verify_cert and verify_hostname arguments control 
whether the
 ensure that the certificate hostname is identical to the hostname
 expected by Mailman.  These default to True, and setting them to False
 is strongly discouraged: fix the MTA host!  (They will be ignored if
-TLS is not used, i.e., secure_mode is INSECURE.)
+TLS is not used, i.e., secure_mode is INSECURE. verify_hostname will be ignored
+unless verify_cert is true.)
 ::
 
     >>> connection = Connection(



View it on GitLab: 
https://gitlab.com/mailman/mailman/compare/9e23594bb89f317be4ac9baa77823877aef17dba...278764666922a14fb72ab6fb1b8ac451407041e9

-- 
View it on GitLab: 
https://gitlab.com/mailman/mailman/compare/9e23594bb89f317be4ac9baa77823877aef17dba...278764666922a14fb72ab6fb1b8ac451407041e9
You're receiving this email because of your account on gitlab.com.


_______________________________________________
Mailman-checkins mailing list
Mailman-checkins@python.org
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-checkins/archive%40jab.org

Reply via email to