refactor: replace unverified SSL context with TLSv1.2 client context for improved SMTP connection stability

This commit is contained in:
Rizqi 2026-06-26 23:48:58 +07:00
parent 5ca40f5464
commit 9c1d2788a3

View File

@ -758,19 +758,34 @@ def send_email_notification(smtp, run_data, raise_on_error=False):
encryption = smtp.get('encryption', 'starttls') encryption = smtp.get('encryption', 'starttls')
try: try:
import ssl import ssl
# Create unverified context to bypass certificate issues or protocol restriction errors
context = ssl._create_unverified_context() # Build a permissive SSL context that accepts TLS 1.2+ and skips cert verification.
# This covers old/self-signed mail servers while still using encrypted transport.
if encryption == 'ssl' or port == 465: # NOTE: TLSv1 and TLSv1_1 are disabled by default in modern OpenSSL builds, so
server = smtplib.SMTP_SSL(host, port, context=context, timeout=10) # setting minimum_version to TLSv1_2 is the correct approach to avoid
# [SSL: UNSUPPORTED_PROTOCOL] errors while remaining compatible with all
# major SMTP providers (Gmail, Office365, Postfix, Exim, etc.)
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
context.minimum_version = ssl.TLSVersion.TLSv1_2
if encryption == 'ssl':
# Direct SSL/TLS handshake (port 465)
server = smtplib.SMTP_SSL(host, port, context=context, timeout=15)
elif encryption == 'starttls':
# Plain connection upgraded to TLS via STARTTLS (port 587)
server = smtplib.SMTP(host, port, timeout=15)
server.ehlo()
server.starttls(context=context)
server.ehlo()
else: else:
server = smtplib.SMTP(host, port, timeout=10) # No encryption plain SMTP relay (port 25 / internal)
if encryption == 'starttls': server = smtplib.SMTP(host, port, timeout=15)
server.starttls(context=context)
if user and password: if user and password:
server.login(user, password) server.login(user, password)
server.sendmail(sender, recipient, msg.as_string()) server.sendmail(sender, recipient, msg.as_string())
server.quit() server.quit()
except Exception as e: except Exception as e: