chore: made set_ecdh_curve conditional

This increases compatibility with older versions of OpenSSL. Fixes a critical issue with the SMTP client when connecting with SMTP servers with older versions of OpenSSL.
hivesolutions · Jan 18, 2024 · 9a50cc5 · 9a50cc5
1 parent 233b5eb
commit 9a50cc5
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 * Context information `tos` in the Postmaster email handling
+* Critical issue with the SMTP client when connecting with SMTP servers with older versions of OpenSSL
 
 ## [1.19.2] - 2024-01-17
 

diff --git a/src/netius/base/common.py b/src/netius/base/common.py
@@ -3591,14 +3591,13 @@ def _ssl_init(self, strict = True, env = True):
         # is available, so that proper concrete context may be set, note
         # that in case the strict mode is enabled (default) the context
         # is unset for situation where no callback registration is possible
-        self._ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
-        #self._ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
-        #self._ssl_ctx_base(
-        #    self._ssl_context,
-        #    secure = secure,
-        #    context_options = context_options
-        #)
-        #self._ssl_ctx_protocols(self._ssl_context)
+        self._ssl_context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+        self._ssl_ctx_base(
+            self._ssl_context,
+            secure = secure,
+            context_options = context_options
+        )
+        self._ssl_ctx_protocols(self._ssl_context)
         self._ssl_certs(self._ssl_context)
         has_callback = hasattr(self._ssl_context, "set_servername_callback")
         if has_callback: self._ssl_context.set_servername_callback(self._ssl_callback)
@@ -3670,7 +3669,7 @@ def _ssl_ctx_base(self, context, secure = 1, context_options = []):
         for context_option in context_options:
             if not hasattr(ssl, context_option): continue
             context.options |= getattr(ssl, context_option)
-        if secure and hasattr(context, "set_ecdh_curve"):
+        if secure >= 2 and hasattr(context, "set_ecdh_curve"):
             context.set_ecdh_curve("prime256v1")
         if secure >= 1 and SSL_DH_PATH and hasattr(context, "load_dh_params"):
             context.load_dh_params(SSL_DH_PATH)