[issue25852] smtplib's SMTP.connect() should store the server name in ._host for .starttls()
gigaplastik
report at bugs.python.org
Thu Mar 3 03:50:55 EST 2016
gigaplastik added the comment:
Found the same issue independently, but I believe my version of the patch is a little more thoughtful. Since the host is allowed to be supplied in 'hostname:port' format the assignment to ._host should be made _after_ checking (and probably parsing) this format.
The reason for this is that ._host is passed to ssl.SSLContext.wrap_socket method where it is used for SNI, defined in [1]. According to this RFC, "[c]urrently, the only server names supported are DNS hostnames; ... Literal IPv4 and IPv6 addresses are not permitted in [HostName]."
Checking if hostname passed is really a DNS name and not an IP address is up to ssl library, but here, in .connect method, at least the port number should be stripped off.
[1] https://tools.ietf.org/html/rfc4366.html
----------
nosy: +gigaplastik
Added file: http://bugs.python.org/file42067/issue25852_v2.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue25852>
_______________________________________
More information about the Python-bugs-list
mailing list