1
2
3
4 """TLS Lite + smtplib."""
5
6 from smtplib import SMTP
7 from tlslite.tlsconnection import TLSConnection
8 from tlslite.integration.clienthelper import ClientHelper
9
11 """This class extends L{smtplib.SMTP} with TLS support."""
12
13 - def starttls(self,
14 username=None, password=None,
15 certChain=None, privateKey=None,
16 checker=None,
17 settings=None):
18 """Puts the connection to the SMTP server into TLS mode.
19
20 If the server supports TLS, this will encrypt the rest of the SMTP
21 session.
22
23 For client authentication, use one of these argument
24 combinations:
25 - username, password (SRP)
26 - certChain, privateKey (certificate)
27
28 For server authentication, you can either rely on the
29 implicit mutual authentication performed by SRP or
30 you can do certificate-based server
31 authentication with one of these argument combinations:
32 - x509Fingerprint
33
34 Certificate-based server authentication is compatible with
35 SRP or certificate-based client authentication.
36
37 The caller should be prepared to handle TLS-specific
38 exceptions. See the client handshake functions in
39 L{tlslite.TLSConnection.TLSConnection} for details on which
40 exceptions might be raised.
41
42 @type username: str
43 @param username: SRP username. Requires the
44 'password' argument.
45
46 @type password: str
47 @param password: SRP password for mutual authentication.
48 Requires the 'username' argument.
49
50 @type certChain: L{tlslite.x509certchain.X509CertChain}
51 @param certChain: Certificate chain for client authentication.
52 Requires the 'privateKey' argument. Excludes the SRP arguments.
53
54 @type privateKey: L{tlslite.utils.rsakey.RSAKey}
55 @param privateKey: Private key for client authentication.
56 Requires the 'certChain' argument. Excludes the SRP arguments.
57
58 @type checker: L{tlslite.checker.Checker}
59 @param checker: Callable object called after handshaking to
60 evaluate the connection and raise an Exception if necessary.
61
62 @type settings: L{tlslite.handshakesettings.HandshakeSettings}
63 @param settings: Various settings which can be used to control
64 the ciphersuites, certificate types, and SSL/TLS versions
65 offered by the client.
66 """
67 (resp, reply) = self.docmd("STARTTLS")
68 if resp == 220:
69 helper = ClientHelper(
70 username, password,
71 certChain, privateKey,
72 checker,
73 settings)
74 conn = TLSConnection(self.sock)
75 helper._handshake(conn)
76 self.sock = conn
77 self.file = conn.makefile('rb')
78 return (resp, reply)
79