Path: csiph.com!usenet.pasdenom.info!news.albasani.net!newsfeed.freenet.ag!news2.euro.net!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path: <debacle@debian.org>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.001
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'exception': 0.03; 'argument': 0.04; 'host,': 0.07; 'resp': 0.07; 'subject:skip:c 10': 0.07; 'python': 0.09; '__init__': 0.09; 'library?': 0.09; 'advance!': 0.16; 'defaults.': 0.16; 'openssl': 0.16; 'port)': 0.16; 'self.sslobj': 0.16; 'sense,': 0.16; 'ssl_version': 0.16; 'library,': 0.17; 'specify': 0.17; 'ssl': 0.17; '>>>': 0.18; 'skip:" 30': 0.20; 'import': 0.21; '"",': 0.22; 'skip:_ 20': 0.22; 'seems': 0.23; 'header:User-Agent:1': 0.26; 'skip:" 20': 0.26; '(most': 0.27; 'skip:( 20': 0.28; 'readline': 0.29; 'skip:_ 10': 0.29; 'version,': 0.30; 'code': 0.31; 'file': 0.32; 'could': 0.32; 'skip:s 30': 0.33; 'traceback': 0.33; 'problem': 0.33; 'to:addr :python-list': 0.33; 'hi,': 0.33; 'version': 0.34; 'changed': 0.34; 'thanks': 0.34; 'server': 0.35; 'add': 0.36; 'does': 0.37; 'option': 0.37; 'data': 0.37; 'to:addr:python.org': 0.39; 'received:192': 0.39; 'content-disposition:inline': 0.60; 'different': 0.63; 'dat': 0.65; 'capability': 0.91; 'states,': 0.93; 'anymore,': 0.95
X-Envelope-From: debacle@debian.org
X-Envelope-To: <python-list@python.org>
Date: Mon, 25 Feb 2013 23:43:27 +0100
From: "W. Martin Borgert" <debacle@debian.org>
To: python-list@python.org
Subject: IMAP4_SSL and OpenSSL compatibility
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Scanned-By: MIMEDefang_at_IN-Berlin_e.V. on 192.109.42.8
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.2524.1361834200.2939.python-list@python.org>
Lines: 57
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1361834200 news.xs4all.nl 6884 [2001:888:2000:d::a6]:34096
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:39915

Hi,

after an upgrade from Debian squeeze to Debian wheezy, I could
not connect to a Microsoft Exchange Server 2003 anymore, because
the OpenSSL library, Python is linked with, changed from version
0.9.8o to 1.0.1e, which has different defaults. The code is:

>>> import imaplib
>>> IMAP4_SSL("192.168.1.1")

With the new OpenSSL version, the following exception is raised:

Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
   File "/usr/lib/python2.7/imaplib.py", line 1148, in __init__
     IMAP4.__init__(self, host, port)
   File "/usr/lib/python2.7/imaplib.py", line 192, in __init__
     typ, dat = self.capability()
   File "/usr/lib/python2.7/imaplib.py", line 361, in capability
     typ, dat = self._simple_command(name)
   File "/usr/lib/python2.7/imaplib.py", line 1070, in _simple_command
     return self._command_complete(name, self._command(name, *args))
   File "/usr/lib/python2.7/imaplib.py", line 897, in _command_complete
     typ, data = self._get_tagged_response(tag)
   File "/usr/lib/python2.7/imaplib.py", line 999, in _get_tagged_response
     self._get_response()
   File "/usr/lib/python2.7/imaplib.py", line 916, in _get_response
     resp = self._get_line()
   File "/usr/lib/python2.7/imaplib.py", line 1009, in _get_line
     line = self.readline()
   File "/usr/lib/python2.7/imaplib.py", line 1171, in readline
     return self.file.readline()
   File "/usr/lib/python2.7/socket.py", line 447, in readline
     data = self._sock.recv(self._rbufsize)
   File "/usr/lib/python2.7/ssl.py", line 241, in recv
     return self.read(buflen)
   File "/usr/lib/python2.7/ssl.py", line 160, in read
     return self._sslobj.read(len)
ssl.SSLError: [Errno 1] _ssl.c:1359: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number

The problem seems to be, that IMAP4_SSL does not specify the SSL
version, so the default is used (ssl.PROTOCOL_SSLv23?). The
Python documentation states, that for clients the best option in
terms of compatilibity is ssl.PROTOCOL_SSLv3.

When I add an ssl_version argument to the call to
ssl.wrap_socket() in imaplib.IMAP4_SSL.open(), I can connect to
the Exchange server without problems:

self.sslobj = ssl.wrap_socket(self.sock, self.keyfile, self.certfile,
                              ssl_version = ssl.PROTOCOL_SSLv3)

Would it make sense, to make this change in the Python standard
library?

Thanks in advance!