-
-
Notifications
You must be signed in to change notification settings - Fork 33.2k
Closed
Labels
stdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or error
Description
Bug report
Bug description:
When using smtplib to send emails in an environment where MD5 is not supported (e.g. FIPS), using SMTP.login to authenticate with an SMTP server will fail with:
File "/usr/lib64/python3.9/smtplib.py", line 739, in login
(code, resp) = self.auth(
File "/usr/lib64/python3.9/smtplib.py", line 652, in auth
authobject(challenge).encode('ascii'), eol='')
File "/usr/lib64/python3.9/smtplib.py", line 670, in auth_cram_md5
return self.user + " " + hmac.HMAC(
File "/usr/lib64/python3.9/hmac.py", line 60, in _init_
self._init_hmac(key, msg, digestmod)
File "/usr/lib64/python3.9/hmac.py", line 69, in _init_hmac
self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)
ValueError: [digital envelope routines] unsupported
The docs for SMTP.login say:
"Each of the authentication methods supported by smtplib are tried in turn if they are advertised as supported by the server."
But the problem here is auth_cram_md5 is always attempted first and the ValueError is not caught so smtplib never moves on to other authentication methods
CPython versions tested on:
3.9
Operating systems tested on:
Linux
Linked PRs
- gh-136134: Fallback to next auth method when CRAM-MD5 fails due to unsupported hash (e.g. FIPS) #136188
- gh-136134: imaplib: fix CRAM-MD5 on FIPS-only environments #136615
- [3.14] gh-136134: imaplib: fix CRAM-MD5 on FIPS-only environments (GH-136615) #138051
- [3.14] gh-136134: imaplib: fix CRAM-MD5 on FIPS-only environments (GH-136615) #138054
- [3.13] gh-136134: imaplib: fix CRAM-MD5 on FIPS-only environments (GH-136615) #138055
- gh-136134: smtplib: fix CRAM-MD5 on FIPS-only environments #136623
- [3.14] gh-136134: smtplib: fix CRAM-MD5 on FIPS-only environments (GH-136623) #138086
- [3.13] gh-136134: smtplib: fix CRAM-MD5 on FIPS-only environments (GH-136623) #138087
- gh-136134: restore truncated comment post GH-136623 #138088
LamentXU123
Metadata
Metadata
Assignees
Labels
stdlibStandard Library Python modules in the Lib/ directoryStandard Library Python modules in the Lib/ directorytype-bugAn unexpected behavior, bug, or errorAn unexpected behavior, bug, or error