** backport r60015 from trunk.

- Issue829951: In the smtplib module, SMTP.starttls() now complies with
  RFC 3207 and forgets any knowledge obtained from the server not obtained
  from the TLS negotiation itself.  Patch contributed by Bill Fenner.

diff --git a/Lib/smtplib.py b/Lib/smtplib.py
index 9c8c4fa48cbc5a5451d0767fe7127f651f2a4f39..1b9739c81a6e7529f67f6b361d96ff3c0699098b 100755 (executable)
--- a/Lib/smtplib.py
+++ b/Lib/smtplib.py
@@ -605,6 +605,14 @@ class SMTP:
             sslobj = socket.ssl(self.sock, keyfile, certfile)
             self.sock = SSLFakeSocket(self.sock, sslobj)
             self.file = SSLFakeFile(sslobj)
+            # RFC 3207:
+            # The client MUST discard any knowledge obtained from
+            # the server, such as the list of SMTP service extensions,
+            # which was not obtained from the TLS negotiation itself.
+            self.helo_resp = None
+            self.ehlo_resp = None
+            self.esmtp_features = {}
+            self.does_esmtp = 0
         return (resp, reply)
 
     def sendmail(self, from_addr, to_addrs, msg, mail_options=[],

diff --git a/Misc/NEWS b/Misc/NEWS
index 77e97f05093c8542b7fadf8d403cc5b84f5f51bb..f4b98deb67909154548aac2432c3ba9c08c63ba5 100644 (file)
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -165,6 +165,10 @@ Library
 - Issue1385: The hmac module now computes the correct hmac when using hashes
   with a block size other than 64 bytes (such as sha384 and sha512).
 
+- Issue829951: In the smtplib module, SMTP.starttls() now complies with 
+  RFC 3207 and forgets any knowledge obtained from the server not obtained
+  from the TLS negotiation itself.  Patch contributed by Bill Fenner.
+
 
 Extension Modules
 -----------------