CRAM-MD5 fails if Python has been built without HMAC-MD5 support #136134
Description
Bug report
Bug description:
When using smtplib to send emails in an environment where MD5 is not supported (e.g. FIPS), using SMTP.login to authenticate with an SMTP server will fail with:
File "/usr/lib64/python3.9/smtplib.py", line 739, in login
(code, resp) = self.auth(
File "/usr/lib64/python3.9/smtplib.py", line 652, in auth
authobject(challenge).encode('ascii'), eol='')
File "/usr/lib64/python3.9/smtplib.py", line 670, in auth_cram_md5
return self.user + " " + hmac.HMAC(
File "/usr/lib64/python3.9/hmac.py", line 60, in _init_
self._init_hmac(key, msg, digestmod)
File "/usr/lib64/python3.9/hmac.py", line 69, in _init_hmac
self._hmac = _hashopenssl.hmac_new(key, msg, digestmod=digestmod)
ValueError: [digital envelope routines] unsupported
The docs for SMTP.login say:
"Each of the authentication methods supported by smtplib are tried in turn if they are advertised as supported by the server."
But the problem here is auth_cram_md5 is always attempted first and the ValueError is not caught so smtplib never moves on to other authentication methods
CPython versions tested on:
3.9
Operating systems tested on:
Linux