From 9f504dff28faf122c7c8a60aa823e0c9a34415fd Mon Sep 17 00:00:00 2001 From: Evangelos Foutras Date: Sun, 5 Dec 2021 21:28:22 +0200 Subject: [PATCH 1/3] Create client-specific SSLContext for probes Reusing the server context is not possible in Python 3.10: ssl.SSLError: Cannot create a client socket with a PROTOCOL_TLS_SERVER context (_ssl.c:801) (cherry picked from commit ddc9c7316e1f7fb4f47136d0c94292dad15db069) --- aiosmtpd/controller.py | 10 ++++++++-- aiosmtpd/tests/test_server.py | 5 ++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/aiosmtpd/controller.py b/aiosmtpd/controller.py index 2258c54..9204a68 100644 --- a/aiosmtpd/controller.py +++ b/aiosmtpd/controller.py @@ -312,7 +312,10 @@ class Controller(BaseThreadedController): with ExitStack() as stk: s = stk.enter_context(create_connection((hostname, self.port), 1.0)) if self.ssl_context: - s = stk.enter_context(self.ssl_context.wrap_socket(s)) + context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + s = stk.enter_context(context.wrap_socket(s)) _ = s.recv(1024) @@ -355,5 +358,8 @@ class UnixSocketController(BaseThreadedController): # pragma: on-win32 on-cygwi s: makesock = stk.enter_context(makesock(AF_UNIX, SOCK_STREAM)) s.connect(self.unix_socket) if self.ssl_context: - s = stk.enter_context(self.ssl_context.wrap_socket(s)) + context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + s = stk.enter_context(context.wrap_socket(s)) _ = s.recv(1024) diff --git a/aiosmtpd/tests/test_server.py b/aiosmtpd/tests/test_server.py index 99c5630..6b99495 100644 --- a/aiosmtpd/tests/test_server.py +++ b/aiosmtpd/tests/test_server.py @@ -334,7 +334,10 @@ class TestUnixSocketController: ) sock.connect(str(self.sockfile)) if ssl_context: - sock = stk.enter_context(ssl_context.wrap_socket(sock)) + context = ssl.create_default_context(ssl.Purpose.SERVER_AUTH) + context.check_hostname = False + context.verify_mode = ssl.CERT_NONE + sock = stk.enter_context(context.wrap_socket(sock)) time.sleep(0.1) resp = sock.recv(1024) assert resp.startswith(b"220 ") From d4bf099b006e145f774277a16993df70919a5341 Mon Sep 17 00:00:00 2001 From: Evangelos Foutras Date: Sun, 5 Dec 2021 21:38:54 +0200 Subject: [PATCH 2/3] Limit bpo-27820 xfail to older Python versions (bpo-27820: Possible bug in smtplib when initial_response_ok=False) (cherry picked from commit cdc56aa1fd9a2745ec6d4e22b1a1f79b7f0c9b06) --- aiosmtpd/tests/test_smtp.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/aiosmtpd/tests/test_smtp.py b/aiosmtpd/tests/test_smtp.py index 6fd8bfb..5e79b09 100644 --- a/aiosmtpd/tests/test_smtp.py +++ b/aiosmtpd/tests/test_smtp.py @@ -7,6 +7,7 @@ import asyncio import itertools import logging import socket +import sys import time import warnings from base64 import b64encode @@ -1050,7 +1051,9 @@ class TestAuthMechanisms(_CommonMethods): client.user = "goodlogin" client.password = PW auth_meth = getattr(client, "auth_" + mechanism) - if (mechanism, init_resp) == ("login", False): + if (mechanism, init_resp) == ("login", False) and ( + sys.version_info < (3, 8, 9) or sys.version_info < (3, 9, 3)): + # bpo-27820 was fixed for 3.10 and backported to 3.8.9 and 3.9.3 with pytest.raises(SMTPAuthenticationError): client.auth(mechanism, auth_meth, initial_response_ok=init_resp) client.docmd("*") From e7724b48a6da7913f2b492f85067abf4d8398465 Mon Sep 17 00:00:00 2001 From: Evangelos Foutras Date: Sun, 5 Dec 2021 23:45:50 +0200 Subject: [PATCH 3/3] Mark 'test_warn_authreqnotls' xfail on Python 3.10 Ignoring the following test failure until it's fixed properly. aiosmtpd/tests/test_smtp.py::TestAuthArgs::test_warn_authreqnotls aiosmtpd/aiosmtpd/smtp.py:329: DeprecationWarning: There is no current event loop self.loop = loop if loop else asyncio.get_event_loop() (cherry picked from commit f93395fc1a74dabce5cca203d89aa348fb74fbba) --- aiosmtpd/tests/test_smtp.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/aiosmtpd/tests/test_smtp.py b/aiosmtpd/tests/test_smtp.py index 5e79b09..c286754 100644 --- a/aiosmtpd/tests/test_smtp.py +++ b/aiosmtpd/tests/test_smtp.py @@ -1930,6 +1930,8 @@ class TestTimeout(_CommonMethods): class TestAuthArgs: + @pytest.mark.xfail(sys.version_info >= (3, 10), + reason="asyncio.get_event_loop raises DeprecationWarning (bpo-39529)") def test_warn_authreqnotls(self, caplog): with pytest.warns(UserWarning) as record: _ = Server(Sink(), auth_required=True, auth_require_tls=False)