Ensure no ALPN is negotiated for SMTP (#142296)

2025-07-15 17:27:10 +00:00 · 2025-04-13 00:02:07 +02:00 · 2025-04-13 00:02:07 +02:00 · d6b4f1c95d
commit d6b4f1c95d
parent 67c0af4c57
2 changed files with 9 additions and 4 deletions
--- a/homeassistant/components/smtp/notify.py
+++ b/homeassistant/components/smtp/notify.py
@ -38,7 +38,7 @@ from homeassistant.helpers import config_validation as cv
 from homeassistant.helpers.reload import setup_reload_service
 from homeassistant.helpers.typing import ConfigType, DiscoveryInfoType
 from homeassistant.util import dt as dt_util
-from homeassistant.util.ssl import client_context
+from homeassistant.util.ssl import create_client_context

 from .const import (
    ATTR_HTML,
@ -86,6 +86,7 @@ def get_service(
 ) -> MailNotificationService | None:
    """Get the mail notification service."""
    setup_reload_service(hass, DOMAIN, PLATFORMS)
+    ssl_context = create_client_context() if config[CONF_VERIFY_SSL] else None
    mail_service = MailNotificationService(
        config[CONF_SERVER],
        config[CONF_PORT],
@ -98,6 +99,7 @@ def get_service(
        config.get(CONF_SENDER_NAME),
        config[CONF_DEBUG],
        config[CONF_VERIFY_SSL],
+        ssl_context,
    )

    if mail_service.connection_is_valid():
@ -122,6 +124,7 @@ class MailNotificationService(BaseNotificationService):
        sender_name,
        debug,
        verify_ssl,
+        ssl_context,
    ):
        """Initialize the SMTP service."""
        self._server = server
@ -136,23 +139,23 @@ class MailNotificationService(BaseNotificationService):
        self.debug = debug
        self._verify_ssl = verify_ssl
        self.tries = 2
+        self._ssl_context = ssl_context

    def connect(self):
        """Connect/authenticate to SMTP Server."""
-        ssl_context = client_context() if self._verify_ssl else None
        if self.encryption == "tls":
            mail = smtplib.SMTP_SSL(
                self._server,
                self._port,
                timeout=self._timeout,
-                context=ssl_context,
+                context=self._ssl_context,
            )
        else:
            mail = smtplib.SMTP(self._server, self._port, timeout=self._timeout)
        mail.set_debuglevel(self.debug)
        mail.ehlo_or_helo_if_needed()
        if self.encryption == "starttls":
-            mail.starttls(context=ssl_context)
+            mail.starttls(context=self._ssl_context)
            mail.ehlo()
        if self.username and self.password:
            mail.login(self.username, self.password)
--- a/tests/components/smtp/test_notify.py
+++ b/tests/components/smtp/test_notify.py
@ -14,6 +14,7 @@ from homeassistant.const import SERVICE_RELOAD
 from homeassistant.core import HomeAssistant
 from homeassistant.exceptions import ServiceValidationError
 from homeassistant.setup import async_setup_component
+from homeassistant.util.ssl import create_client_context

 from tests.common import get_fixture_path

@ -84,6 +85,7 @@ def message():
        "Home Assistant",
        0,
        True,
+        create_client_context(),
    )