bzr email commit hook

SSL error on starttls()

Bug #388723 reported by Display Name on 2009-06-17

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	bzr email commit hook	Fix Released	Medium	Unassigned

Bug Description

The smtp I'm using does not require authentication. When I perform a bzr commit I get the error bellow from bzr-email. When I remove the starttls() call it works fine.

bzr: ERROR: socket.sslerror: (1, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')

Traceback (most recent call last):
  File "bzrlib\commands.pyo", line 729, in exception_to_return_code
  File "bzrlib\commands.pyo", line 924, in run_bzr
  File "bzrlib\commands.pyo", line 560, in run_argv_aliases
  File "bzrlib\builtins.pyo", line 2932, in run
  File "bzrlib\decorators.pyo", line 192, in write_locked
  File "bzrlib\workingtree_4.pyo", line 226, in commit
  File "bzrlib\decorators.pyo", line 192, in write_locked
  File "bzrlib\mutabletree.pyo", line 228, in commit
  File "bzrlib\commit.pyo", line 407, in commit
  File "bzrlib\commit.pyo", line 524, in _process_post_hooks
  File "bzrlib\commit.pyo", line 563, in _process_hooks
  File "<bzr-home>\plugins\email\__init__.py", line 91, in branch_commit_hook
  File "<bzr-home>\plugins\email\emailer.py", line 265, in send_maybe
  File "<bzr-home>\plugins\email\emailer.py", line 200, in send
  File "<bzr-home>\plugins\email\emailer.py", line 249, in _send_using_smtplib
  File "<bzr-home>\plugins\email\smtp_connection.py", line 240, in send_text_and_attachment_email
  File "<bzr-home>\plugins\email\smtp_connection.py", line 201, in send_email
  File "<bzr-home>\plugins\email\smtp_connection.py", line 66, in _connect
  File "<bzr-home>\plugins\email\smtp_connection.py", line 84, in _create_connection
  File "smtplib.pyo", line 605, in starttls
  File "socket.pyo", line 74, in ssl
sslerror: (1, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')

bzr 1.15 on python 2.5.2 (win32)
arguments: ['bzr', 'commit', '-m', 'Teste']
encoding: 'cp1252', fsenc: 'mbcs', lang: None
plugins:
  bzrtools <bzr-home>\plugins\bzrtools [1.15]
  email <bzr-home>\plugins\email [unknown]
  launchpad <bzr-home>\plugins\launchpad [1.15]
  netrc_credential_store <bzr-home>\plugins\netrc_credential_store [1.15]
  qbzr <bzr-home>\plugins\qbzr [0.9.9]
  svn <bzr-home>\plugins\svn [0.6.1]
  xmloutput <bzr-home>\plugins\xmloutput [0.8.4]
*** Bazaar has encountered an internal error.
    Please report a bug at https://bugs.launchpad.net/bzr/+filebug
    including this traceback, and a description of what you
    were doing when the error occurred.

See original description

Tags:

Display Name (user340562791542-deactivatedaccount) on 2009-06-17

description:	updated
description:	updated

Revision history for this message

Robert Collins (lifeless) wrote on 2009-06-18: Re: [Bug 388723] Re: SSL error on starttls()

tls/ssl isn't about authentication, its about encryption. FWIW.

The only theory I have about what is happening here is that your mail
server is broken - its offering TLS but then erroring, perhaps because
it doesn't have an ssl certificate.

Is it MS Exchange, by chance?

-Rob

Revision history for this message

Robert Collins (lifeless) wrote on 2009-06-18:

On Thu, 2009-06-18 at 03:16 +0000, Renato Silva wrote:
> I just mean that no encryption procedure is supposed to be executed
> when
> you connect to anonymous smtp servers, is it?

Its entirely appropriate to encrypt where possible. I'm still quite sure
that this is a broken or misconfigured server, or perhaps something
strange in the ssl support on your machine.

However, I'm not against adding an option to disable tls for working
with such servers.

I would like to actually understand exactly what is going wrong before
changing things though, because that way we can fix the right bug.

-Rob

Revision history for this message

John A Meinel (jameinel) wrote on 2009-10-09:

actually, I think the issue is that 'bzr-email' always tries 'STARTTLS' regardless if the server says it is available.

The best fix would be to change bzr-email to use bzrlib.smtp_connection instead of its own. There we have:

if self._connection.has_extn("starttls"):
    code, resp = self._connection.starttls()
    if not (200 <= code <= 299):
        raise SMTPError("server refused STARTTLS: %d %s" % (code, resp))
    # Say EHLO again, to check for newly revealed features
    code, resp = self._connection.ehlo()
    if not (200 <= code <= 299):
        raise SMTPError("server refused EHLO: %d %s" % (code, resp))

Or possibly fix bzr-email itself with that sort of fix.

Jelmer Vernooij (jelmer) on 2011-02-14

Changed in bzr-email:
status:	New → Triaged
importance:	Undecided → Medium
assignee:	nobody → Renato Silva (renatosilva)
assignee:	Renato Silva (renatosilva) → nobody

Jelmer Vernooij (jelmer) on 2011-02-14

Changed in bzr-email:
status:	Triaged → Fix Committed
assignee:	nobody → Renato Silva (renatosilva)

Jelmer Vernooij (jelmer) on 2012-03-29

Changed in bzr-email:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.