Patchwork [1,of,9] mail: unsupport smtp.verifycert (BC)

login
register
mail settings
Submitter Gregory Szorc
Date May 30, 2016, 11:03 p.m.
Message ID <7f4b7e6f29d1ea2ae547.1464649383@ubuntu-vm-main>
Download mbox | patch
Permalink /patch/15266/
State Superseded
Headers show

Comments

Gregory Szorc - May 30, 2016, 11:03 p.m.
# HG changeset patch
# User Gregory Szorc <gregory.szorc@gmail.com>
# Date 1464649340 25200
#      Mon May 30 16:02:20 2016 -0700
# Node ID 7f4b7e6f29d1ea2ae5479b88b09506eabbb88281
# Parent  48b38b16a8f83ea98ebdf0b370f59fd90dc17935
mail: unsupport smtp.verifycert (BC)

smtp.verifycert was accidentally broken by cca59ef27e60. The current
code refuses to talk to a remote server unless the CA is trusted or
the fingerprint is validated. In other words, we lost the ability
for smtp.verifycert to lower/disable security.

There are special considerations for smtp.verifycert in
sslutil.validatesocket() (the "strict" argument). This violates
the direction sslutil  is evolving towards, which has all security
options determined at wrapsocket() time and a unified code path and
configs for determining security options.

Since smtp.verifycert is broken and since we'll soon have new
security defaults and new mechanisms for controlling host security,
formally deprecate smtp.verifycert. With this patch, the socket
security code in mail.py now effectively mics code in url.py and
other places we're doing socket security.
timeless - May 31, 2016, 5:01 a.m.
Gregory Szorc wrote:
> security code in mail.py now effectively mics code in url.py and

mics?

Patch

diff --git a/mercurial/help/config.txt b/mercurial/help/config.txt
--- a/mercurial/help/config.txt
+++ b/mercurial/help/config.txt
@@ -1481,26 +1481,16 @@  Configuration for extensions that need t
 ``port``
     Optional. Port to connect to on mail server. (default: 465 if
     ``tls`` is smtps; 25 otherwise)
 
 ``tls``
     Optional. Method to enable TLS when connecting to mail server: starttls,
     smtps or none. (default: none)
 
-``verifycert``
-    Optional. Verification for the certificate of mail server, when
-    ``tls`` is starttls or smtps. "strict", "loose" or False. For
-    "strict" or "loose", the certificate is verified as same as the
-    verification for HTTPS connections (see ``[hostfingerprints]`` and
-    ``[web] cacerts`` also). For "strict", sending email is also
-    aborted, if there is no configuration for mail server in
-    ``[hostfingerprints]`` and ``[web] cacerts``.  --insecure for
-    :hg:`email` overwrites this as "loose". (default: strict)
-
 ``username``
     Optional. User name for authenticating with the SMTP server.
     (default: None)
 
 ``password``
     Optional. Password for authenticating with the SMTP server. If not
     specified, interactive sessions will prompt the user for a
     password; non-interactive sessions will fail. (default: None)
diff --git a/mercurial/mail.py b/mercurial/mail.py
--- a/mercurial/mail.py
+++ b/mercurial/mail.py
@@ -101,23 +101,16 @@  def _smtp(ui):
     # backward compatible: when tls = true, we use starttls.
     starttls = tls == 'starttls' or util.parsebool(tls)
     smtps = tls == 'smtps'
     if (starttls or smtps) and not util.safehasattr(socket, 'ssl'):
         raise error.Abort(_("can't use TLS: Python SSL support not installed"))
     mailhost = ui.config('smtp', 'host')
     if not mailhost:
         raise error.Abort(_('smtp.host not configured - cannot send mail'))
-    verifycert = ui.config('smtp', 'verifycert', 'strict')
-    if verifycert not in ['strict', 'loose']:
-        if util.parsebool(verifycert) is not False:
-            raise error.Abort(_('invalid smtp.verifycert configuration: %s')
-                             % (verifycert))
-        verifycert = False
-
     if smtps:
         ui.note(_('(using smtps)\n'))
         s = SMTPS(ui, local_hostname=local_hostname, host=mailhost)
     elif starttls:
         s = STARTTLS(ui, local_hostname=local_hostname, host=mailhost)
     else:
         s = smtplib.SMTP(local_hostname=local_hostname)
     if smtps:
@@ -128,19 +121,19 @@  def _smtp(ui):
     ui.note(_('sending mail: smtp host %s, port %d\n') %
             (mailhost, mailport))
     s.connect(host=mailhost, port=mailport)
     if starttls:
         ui.note(_('(using starttls)\n'))
         s.ehlo()
         s.starttls()
         s.ehlo()
-    if (starttls or smtps) and verifycert:
+    if starttls or smtps:
         ui.note(_('(verifying remote certificate)\n'))
-        sslutil.validatesocket(s.sock, verifycert == 'strict')
+        sslutil.validatesocket(s.sock)
     username = ui.config('smtp', 'username')
     password = ui.config('smtp', 'password')
     if username and not password:
         password = ui.getpass()
     if username and password:
         ui.note(_('(authenticating to mail server as %s)\n') %
                   (username))
         try: