From 9f504dff28faf122c7c8a60aa823e0c9a34415fd Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Sun, 5 Dec 2021 21:28:22 +0200
Subject: [PATCH 1/3] Create client-specific SSLContext for probes

Reusing the server context is not possible in Python 3.10:

  ssl.SSLError: Cannot create a client socket with a
                PROTOCOL_TLS_SERVER context (_ssl.c:801)

(cherry picked from commit ddc9c7316e1f7fb4f47136d0c94292dad15db069)
---
 aiosmtpd/controller.py        | 10 ++++++++--
 aiosmtpd/tests/test_server.py |  5 ++++-
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/aiosmtpd/controller.py b/aiosmtpd/controller.py
index 2258c54..9204a68 100644
--- a/aiosmtpd/controller.py
+++ b/aiosmtpd/controller.py
@@ -312,7 +312,10 @@ class Controller(BaseThreadedController):
         with ExitStack() as stk:
             s = stk.enter_context(create_connection((hostname, self.port), 1.0))
             if self.ssl_context:
-                s = stk.enter_context(self.ssl_context.wrap_socket(s))
+                context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                s = stk.enter_context(context.wrap_socket(s))
             _ = s.recv(1024)
 
 
@@ -355,5 +358,8 @@ class UnixSocketController(BaseThreadedController):  # pragma: on-win32 on-cygwi
             s: makesock = stk.enter_context(makesock(AF_UNIX, SOCK_STREAM))
             s.connect(self.unix_socket)
             if self.ssl_context:
-                s = stk.enter_context(self.ssl_context.wrap_socket(s))
+                context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                s = stk.enter_context(context.wrap_socket(s))
             _ = s.recv(1024)
diff --git a/aiosmtpd/tests/test_server.py b/aiosmtpd/tests/test_server.py
index 99c5630..6b99495 100644
--- a/aiosmtpd/tests/test_server.py
+++ b/aiosmtpd/tests/test_server.py
@@ -334,7 +334,10 @@ class TestUnixSocketController:
             )
             sock.connect(str(self.sockfile))
             if ssl_context:
-                sock = stk.enter_context(ssl_context.wrap_socket(sock))
+                context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
+                context.check_hostname = False
+                context.verify_mode = ssl.CERT_NONE
+                sock = stk.enter_context(context.wrap_socket(sock))
                 time.sleep(0.1)
             resp = sock.recv(1024)
             assert resp.startswith(b"220 ")

From d4bf099b006e145f774277a16993df70919a5341 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Sun, 5 Dec 2021 21:38:54 +0200
Subject: [PATCH 2/3] Limit bpo-27820 xfail to older Python versions

(bpo-27820: Possible bug in smtplib when initial_response_ok=False)

(cherry picked from commit cdc56aa1fd9a2745ec6d4e22b1a1f79b7f0c9b06)
---
 aiosmtpd/tests/test_smtp.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/aiosmtpd/tests/test_smtp.py b/aiosmtpd/tests/test_smtp.py
index 6fd8bfb..5e79b09 100644
--- a/aiosmtpd/tests/test_smtp.py
+++ b/aiosmtpd/tests/test_smtp.py
@@ -7,6 +7,7 @@ import asyncio
 import itertools
 import logging
 import socket
+import sys
 import time
 import warnings
 from base64 import b64encode
@@ -1050,7 +1051,9 @@ class TestAuthMechanisms(_CommonMethods):
         client.user = "goodlogin"
         client.password = PW
         auth_meth = getattr(client, "auth_" + mechanism)
-        if (mechanism, init_resp) == ("login", False):
+        if (mechanism, init_resp) == ("login", False) and (
+            sys.version_info < (3, 8, 9) or sys.version_info < (3, 9, 3)):
+            # bpo-27820 was fixed for 3.10 and backported to 3.8.9 and 3.9.3
             with pytest.raises(SMTPAuthenticationError):
                 client.auth(mechanism, auth_meth, initial_response_ok=init_resp)
             client.docmd("*")

From e7724b48a6da7913f2b492f85067abf4d8398465 Mon Sep 17 00:00:00 2001
From: Evangelos Foutras <evangelos@foutrelis.com>
Date: Sun, 5 Dec 2021 23:45:50 +0200
Subject: [PATCH 3/3] Mark 'test_warn_authreqnotls' xfail on Python 3.10

Ignoring the following test failure until it's fixed properly.

aiosmtpd/tests/test_smtp.py::TestAuthArgs::test_warn_authreqnotls
  aiosmtpd/aiosmtpd/smtp.py:329: DeprecationWarning:
                                 There is no current event loop
    self.loop = loop if loop else asyncio.get_event_loop()

(cherry picked from commit f93395fc1a74dabce5cca203d89aa348fb74fbba)
---
 aiosmtpd/tests/test_smtp.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/aiosmtpd/tests/test_smtp.py b/aiosmtpd/tests/test_smtp.py
index 5e79b09..c286754 100644
--- a/aiosmtpd/tests/test_smtp.py
+++ b/aiosmtpd/tests/test_smtp.py
@@ -1930,6 +1930,8 @@ class TestTimeout(_CommonMethods):
 
 
 class TestAuthArgs:
+    @pytest.mark.xfail(sys.version_info >= (3, 10),
+        reason="asyncio.get_event_loop raises DeprecationWarning (bpo-39529)")
     def test_warn_authreqnotls(self, caplog):
         with pytest.warns(UserWarning) as record:
             _ = Server(Sink(), auth_required=True, auth_require_tls=False)