freeipa

Clone
Source Code
GIT

#8579 EPN: SMTP client doesn't validate server certificate
Closed: fixed 3 years ago by rcritten. Opened 3 years ago by slev.

Closed: fixed
Reopen Issue

If smtp_security is specified as starttls or ssl via epn.conf then EPN SMTP client doesn't perform server certificate validation and hostname checking.

In order to verify connections in smtplib you have to pass a context to SMTP.starttls() or SMTP_SSL():

context = ssl.create_default_context()

smtp = smtplib.SMTP(...)
smtp.starttls(context=context)

Thank you.
This is proposed in https://github.com/freeipa/freeipa/pull/5257

master:

  • be006ad ipatests: Respect platform's openssl dir
  • 94adee3 EPN: Don't downgrade security
  • 977063a test_epn: Standardize EPN configs for deduplication
  • 32aa154 EPN: Enable certificate validation and hostname checking
  • 17f430e EPN: Allow authentication by SMTP client's certificate
  • 82e6900 ipatests: Collect EPN log for debugging

ipa-4-8:

  • 1f0c5cc ipatests: Respect platform's openssl dir
  • 9b756a7 EPN: Don't downgrade security
  • 3c83c98 test_epn: Standardize EPN configs for deduplication
  • 119ebed EPN: Enable certificate validation and hostname checking
  • 058d51f EPN: Allow authentication by SMTP client's certificate
  • 461b463 ipatests: Collect EPN log for debugging

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.