From: Matthieu Moy <Matthieu.Moy@grenoble-inp.fr>
To: Simon P <simon.git@le-huit.fr>
Cc: git@vger.kernel.org, mhagger@alum.mit.edu
Subject: Re: [git-multimail] smtplib, check certificate
Date: Fri, 22 Apr 2016 08:05:11 +0200 [thread overview]
Message-ID: <vpqoa92rxew.fsf@anie.imag.fr> (raw)
In-Reply-To: <571949D2.10507@le-huit.fr> (Simon P.'s message of "Thu, 21 Apr 2016 23:44:50 +0200")
Simon P <simon.git@le-huit.fr> writes:
> Hi,
Hi, and thanks for the patch.
Please, add your sign-off and a proper commit message to your patch,
see:
https://github.com/git-multimail/git-multimail/blob/master/CONTRIBUTING.rst
I'm OK with patches by email, but you may prefer using a pull-request
(among other things, creating a pull-request triggers a Travis-CI build
and would have noticed the absence of sign-off and a minor PEP8 issue in
your code.
The patch obviously lacks documentation, and some way to test it.
Actually, the testsuite will fail if you document the configuration
variable and they don't appear somewhere in the testsuite. A fully
automatic test would be hard to write, but I have a semi-automated
testsuite for smtp: some configurations in t/*.config.in, and a script
test-email-config to run a test with each of the configurations (then I
check my mailbox). There should be one configuration with a valid
certificate and another with a buggy one so that we can check that the
certificate is actually checked.
> @@ -1945,6 +1946,7 @@ class SMTPMailer(Mailer):
> smtpservertimeout=10.0, smtpserverdebuglevel=0,
> smtpencryption='none',
> smtpuser='', smtppass='',
> + smtpcacerts='/etc/ssl/certs/ca-certificates.crt',smtpcheckcert=False
Do you need a default for smtpcheckcert if you already have one in
config.get(smtpcheckcert)? In any case, I'd rather avoid having two
hardcoded path in the code. If you need
'/etc/ssl/certs/ca-certificates.crt' in two places, please define a
constant elsewhere in the code and use it here.
Missing space after ,.
> + if smtpcheckcert:
> + # inspired form:
> + # https://github.com/graingert/secure-smtplib/blob/master/src/secure_smtplib/__init__.py
> + # but add the path to trusted ca, and force ceritficate verification.
> + self.smtp.ehlo_or_helo_if_needed()
> + if not self.smtp.has_extn("starttls"):
> + msg = "STARTTLS extension not supported by server"
> + raise smtplib.SMTPException(msg)
> + (resp, reply) = self.smtp.docmd("STARTTLS")
Parenthesis around (resp, reply) are not needed, I prefer to omit them.
Thanks,
--
Matthieu Moy
http://www-verimag.imag.fr/~moy/
next prev parent reply other threads:[~2016-04-22 6:05 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-21 21:44 [git-multimail] smtplib, check certificate Simon P
2016-04-22 6:05 ` Matthieu Moy [this message]
2016-04-22 6:41 ` Michael Haggerty
2016-04-24 19:14 ` Simon Pontié
2016-04-24 18:20 ` Simon Pontié
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=vpqoa92rxew.fsf@anie.imag.fr \
--to=matthieu.moy@grenoble-inp.fr \
--cc=git@vger.kernel.org \
--cc=mhagger@alum.mit.edu \
--cc=simon.git@le-huit.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).