4 """TLS Lite + smtplib."""
5
6 from smtplib import SMTP
7 from tlslite.tlsconnection import TLSConnection
8 from tlslite.integration.clienthelper import ClientHelper
9
11 """This class extends L{smtplib.SMTP} with TLS support."""
12
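def starttls(self,
             username=None, password=None,
             certChain=None, privateKey=None,
             x509Fingerprint=None,
             tackID=None,
             hardTack=None,
             settings=None):
    """Puts the connection to the SMTP server into TLS mode.

    If the server supports TLS, this will encrypt the rest of the SMTP
    session.

    If the server does not answer STARTTLS with code 220, no handshake
    is attempted and the session stays in plaintext. The refusal is
    reported only through the return value, so the caller must check
    the returned code before sending credentials or mail.

    For client authentication, use one of these argument
    combinations:
     - username, password (SRP)
     - certChain, privateKey (certificate)

    For server authentication, you can either rely on the
    implicit mutual authentication performed by SRP or
    you can do certificate-based server
    authentication with one of these argument combinations:
     - x509Fingerprint

    Certificate-based server authentication is compatible with
    SRP or certificate-based client authentication.

    NOTE(review): when neither SRP credentials, x509Fingerprint nor
    tackID is supplied, no server-authentication argument reaches the
    handshake; presumably the peer is then not verified at all, so the
    channel would be encrypted but not authenticated. Confirm against
    ClientHelper.

    After a successful handshake the HELO/EHLO state learned over
    plaintext is discarded (RFC 3207, section 4.2), so EHLO has to be
    issued again over TLS before extensions are relied on.

    The caller should be prepared to handle TLS-specific
    exceptions.  See the client handshake functions in
    L{tlslite.TLSConnection.TLSConnection} for details on which
    exceptions might be raised.

    @type username: str
    @param username: SRP username.  Requires the
    'password' argument.

    @type password: str
    @param password: SRP password for mutual authentication.
    Requires the 'username' argument.

    @type certChain: L{tlslite.x509certchain.X509CertChain}
    @param certChain: Certificate chain for client authentication.
    Requires the 'privateKey' argument.  Excludes the SRP arguments.

    @type privateKey: L{tlslite.utils.rsakey.RSAKey}
    @param privateKey: Private key for client authentication.
    Requires the 'certChain' argument.  Excludes the SRP arguments.

    @type x509Fingerprint: str
    @param x509Fingerprint: Hex-encoded X.509 fingerprint for
    server authentication.

    @type tackID: str
    @param tackID: TACK ID for server authentication.

    @type hardTack: bool
    @param hardTack: Whether to raise TackBreakSigError on TACK Break.

    @type settings: L{tlslite.handshakesettings.HandshakeSettings}
    @param settings: Various settings which can be used to control
    the ciphersuites, certificate types, and SSL/TLS versions
    offered by the client.

    @rtype: tuple
    @return: The (code, message) pair the server sent in reply to
    STARTTLS.  Any code other than 220 means TLS was not negotiated.
    """
    (resp, reply) = self.docmd("STARTTLS")
    if resp == 220:
        helper = ClientHelper(
            username, password,
            certChain, privateKey,
            x509Fingerprint,
            tackID, hardTack,
            settings)
        conn = TLSConnection(self.sock)
        helper._handshake(conn)
        self.sock = conn
        # Replies are read through self.file, so it must be rebuilt on the
        # TLS connection; the previous file object is dropped with it.
        self.file = conn.makefile('rb')
        # RFC 3207, section 4.2: the client must discard everything it
        # learned from the server before the TLS handshake.  The cached
        # greeting and extension list arrived in cleartext and could have
        # been altered in transit, so force a fresh EHLO over TLS.
        self.helo_resp = None
        self.ehlo_resp = None
        self.esmtp_features = {}
        self.does_esmtp = False
    return (resp, reply)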
88