如何在python中的活动连接上启动TLS?
问题内容:
以下是我当前用于连接587端口gmail的smtp服务器的代码。发出STARTTLS命令后,如何完成TLS会话协商并开始发出诸如AUTH
LOGIN和MAIL FROM的命令?我省略了我的Base64编码的gmail用户名,并将其替换为代码底部附近的xxxxxxxx。
我从这个程序的输出是:
220 mx.google.com ESMTP y10sm3296641yhd.6
250-mx.google.com随时为您服务,[75.66.47.144]
250尺寸35882577
250-8BITMIME
250-STARTTLS
250个增强的状态代码
220 2.0.0准备启动TLS
from socket import *
import ssl
msg = "\r\n smtp.."
endmsg = "\r\n.\r\n"
# Mailserver hostname and port to be used.
mailserver = ("smtp.gmail.com", 587)
# Create a socket and create an active TCP connection with the mailserver
clientSocket = socket(AF_INET, SOCK_STREAM);
clientSocket.connect(mailserver)
# Read server response
recv = clientSocket.recv(1024)
print recv
if recv[:3] != '220':
print '220 reply not received from server.'
# Send EHLO command and print server response.
ehloCommand = 'EHLO smtp.google.com\r\n'
clientSocket.send(ehloCommand)
recv1 = clientSocket.recv(1024)
print recv1
if recv1[:3] != '250':
print '250 reply not received from server.'
# Send STARTTLS command to server and print server response
command = "STARTTLS\r\n"
clientSocket.send(command)
recv1 = clientSocket.recv(1024)
print recv1
if recv[:3] != '220':
print '220 reply not received from server.'
# SEND AUTH LOGIN command and Base64 encoded username
command = "AUTH LOGIN xxxxxxxxxxxxx\r\n"
clientSocket.send(command)
recv1 = clientSocket.recv(1024)
print recv1
问题答案:
您可以ssl包装连接的套接字。这会给你的想法:
import ssl
import base64
from socket import *
cc = socket(AF_INET, SOCK_STREAM)
cc.connect(("smtp.gmail.com", 587))
# cc.read(..)
cc.send('helo tester.com\r\n')
cc.send('starttls\r\n')
# cc.read(..) If the server responds ok to starttls
# tls negotiation needs to happen and all
# communication is then over the SSL socket
scc = ssl.wrap_socket(cc, ssl_version=ssl.PROTOCOL_SSLv23)
scc.send('auth login\r\n')
# scc.read(..)
scc.send(base64.b64encode('username')+'\r\n')
scc.send(base64.b64encode('password')+'\r\n')
# css.send(
# mail from:
# rcpt to:
# data
# etc
有关此用户名/密码编码的信息,请参见此页面的“ AUTH
LOGIN”部分:http : //www.samlogic.net/articles/smtp-commands-reference-
auth.htm
将AUTH LOGIN命令发送到服务器后,服务器通过向客户端发送BASE64编码的文本(问题)来询问用户名和密码。在上面的示例中,“
VXNlcm5hbWU6”是单词“ Username”的BASE64编码文本,“ UGFzc3dvcmQ6”是单词“
Password”的BASE64编码文本。客户端也使用BASE64编码发送用户名和密码。在上面的示例中,“
adlxdkej”是BASE64编码的用户名,“ lkujsefxlj”是BASE64编码的密码。
