The attached patch fixes the issue for me
When looking at the documentation of smtplib (the python library used here), it says:
An SMTP_SSL instance behaves exactly the same as instances of SMTP. SMTP_SSL should be used for situations where SSL is required from the beginning of the connection and using starttls() is not appropriate. If host is not specified, the local host is used. If port is zero, the standard SMTP-over-SSL port (465) is used.So that means that SMTP_SSL is used for connections where SSL is present from the start and not when STARTTLS is used to upgrade the connection to a secure one.
The documentation of reportbug says: smtptls: Enables TLS encryption for the SMTP connection, using STARTTLS. This setting is ignored if you connect to port 465, in which case SSL/TLS will always be used.
So either the documentation is wrong, of the code is.
The following python code works:
>>> smtp = smtplib.SMTP('mail-submit.debian.org',587) >>> smtp.ehlo() (250, b'stravinsky.debian.org Hello eriador.bigon.be [2a02:a03f:65c5:3301:a912:aba9:d92d:4965]\nSIZE 104857600\n8BITMIME\nCHUNKING\nSTARTTLS\nSMTPUTF8\nHELP') >>> smtp.starttls() (220, b'TLS go ahead') >>> smtp.quit() (221, b'stravinsky.debian.org closing connection') >>>While this is not:
>>> smtplib.SMTP_SSL('mail-submit.debian.org',587) Traceback (most recent call last): File "<stdin>", line 1, in <module> File "/usr/lib/python3.11/smtplib.py", line 1050, in __init__ SMTP.__init__(self, host, port, local_hostname, timeout, File "/usr/lib/python3.11/smtplib.py", line 255, in __init__ (code, msg) = self.connect(host, port) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/smtplib.py", line 341, in connect self.sock = self._get_socket(host, port, self.timeout) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/smtplib.py", line 1057, in _get_socket new_socket = self.context.wrap_socket(new_socket, ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/ssl.py", line 517, in wrap_socket return self.sslsocket_class._create( ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/ssl.py", line 1108, in _create self.do_handshake() File "/usr/lib/python3.11/ssl.py", line 1383, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1006) >>>
From 19b99e6c66c5febbcf590846cf29f824bc1c1440 Mon Sep 17 00:00:00 2001 From: Laurent Bigonville <bigon@debian.org> Date: Fri, 26 Jan 2024 13:56:09 +0100 Subject: [PATCH] Fix issue when sending mails using SSL/STARTTLS The hostname passed to smtplib should not contain the port, this hostname is used to verify the SSL certificate. Closes: #926900 --- reportbug/submit.py | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/reportbug/submit.py b/reportbug/submit.py index 0daaad4..94a30bf 100644 --- a/reportbug/submit.py +++ b/reportbug/submit.py @@ -446,6 +446,11 @@ def send_report(body, attachments, mua, fromaddr, sendto, ccaddr, bccaddr, tryagain = True refused = None retry = 0 + _smtphost = smtphost.split(':')[0] + try: + smtpport = smtphost.split(':')[1] + except IndexError: + smtpport = 25 while tryagain: tryagain = False ewrite("Connecting to %s via SMTP...\n", smtphost) @@ -453,14 +458,14 @@ def send_report(body, attachments, mua, fromaddr, sendto, ccaddr, bccaddr, conn = None # if we're using reportbug.debian.org, send mail to # submit - if smtphost.lower() == 'reportbug.debian.org': - conn = smtplib.SMTP(smtphost, 587) - elif smtphost.endswith(':465'): + if _smtphost.lower() == 'reportbug.debian.org': + conn = smtplib.SMTP(_smtphost, 587) + elif smtpport == 465: # ignore smtptls setting since port 465 implies SSL smtptls = None - conn = smtplib.SMTP_SSL(smtphost) + conn = smtplib.SMTP_SSL(_smtphost, 465) else: - conn = smtplib.SMTP(smtphost) + conn = smtplib.SMTP(_smtphost, smtpport) response = conn.ehlo() if not (200 <= response[0] <= 299): conn.helo() -- 2.43.0