URL:
https://github.com/freeipa/freeipa/pull/5262
Author: tiran
Title: #5262: Fix TLS/SSL related issues in EPN
Action: opened
PR body:
"""
Prevent downgrade attack when admin requests STARTTLS but server does
not return STARTTLS in EHLO message. The SMTP.starttls() methods checks
for has_extn("starttls") and fails with SMTPNotSupportedError when the
extension is not available. SMTPNotSupportedError is a subclass of
SMTPException.
Verify cert chain and hostname in starttls() and SMTP_SSL. The smtplib
module defaults to unverified connection.
Fixes:
https://pagure.io/freeipa/issue/8578
Fixes:
https://pagure.io/freeipa/issue/8579
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5262/head:pr5262
git checkout pr5262