----- Original Message ----- From: "Paul Rubin" "http://phr.cx"@NOSPAM.invalid
> "Matthias Kluwe" <[EMAIL PROTECTED]> writes: > > Hmm. I tried > > > > server.sock.realsock.shutdown(2) > > before server.quit() with the result of > > I don't think that's exactly what you want. You need to send a > specific TLS message BEFORE shutting down the socket, to tell the > other end that the TLS connection is ending. That tells the server > that it shouldn't accept a TLS session resumption later. The close > notify message is required because if you don't send it, an attacker > could truncate one of your TLS messages by cutting your connection. > > Basically the socket library's SSL implementation is pretty crude. > You might try http://trevp.net/tlslite for a pure-Python > implementation that's also still missing stuff, but is getting there. I have found problems with the TLS built into smtplib when you are doing something with sock elswhere in your app. eg for me using [something].sock.settimeout(x) or setting the default timeout anywhere broke TLS in smtplib. Have you verified that its your end that is broken, not gmail's, do other servers give the same response ? The following servers accept incoming TLS on port 25 e32.co.us.ibm.com mail.donkeyisland.com smtp.myrealbox.com And for quick tests you don't need to send an email (or authenticate), just use a NOOP after STARTTLS (and perhaps a RSET) then QUIT eg server = smtplib.SMTP(hostname [,port]) server.set_debuglevel(1) server.ehlo('x') server.starttls() server.ehlo('x') server.noop() server.rset() server.quit() Trevor's http://trevp.net/tlslite did the job nicely, solving my previous TLS problems (completely untested) from tlslite.api import * > > server = SMTP_TLS('smtp.gmail.com', 587) server.set_debuglevel(1) server.ehlo() settings = HandshakeSettings() server.starttls(settings=settings) server.ehlo() server.login('[EMAIL PROTECTED]', password) server.sendmail("[EMAIL PROTECTED]", toaddress, message) server.quit() HTH :) -- http://mail.python.org/mailman/listinfo/python-list
