[3.13] gh-127712: Fix secure argument of logging.handlers.SMTPHandler (GH-127726) (GH-129955)

(cherry picked from commit d7672e5d5a)
2025-08-01 23:53:15 +00:00 · 2025-02-10 15:30:31 +01:00 · 2025-02-10 15:30:31 +01:00 · fd665d5f09
commit fd665d5f09
parent 7df30bbc49
2 changed files with 19 additions and 2 deletions
--- a/Lib/logging/handlers.py
+++ b/Lib/logging/handlers.py
@ -1040,7 +1040,8 @@ class SMTPHandler(logging.Handler):
        only be used when authentication credentials are supplied. The tuple
        will be either an empty tuple, or a single-value tuple with the name
        of a keyfile, or a 2-value tuple with the names of the keyfile and
-        certificate file. (This tuple is passed to the `starttls` method).
+        certificate file. (This tuple is passed to the
+        `ssl.SSLContext.load_cert_chain` method).
        A timeout in seconds can be specified for the SMTP connection (the
        default is one second).
        """
@ -1093,8 +1094,23 @@ class SMTPHandler(logging.Handler):
            msg.set_content(self.format(record))
            if self.username:
                if self.secure is not None:
+                    import ssl
+
+                    try:
+                        keyfile = self.secure[0]
+                    except IndexError:
+                        keyfile = None
+
+                    try:
+                        certfile = self.secure[1]
+                    except IndexError:
+                        certfile = None
+
+                    context = ssl._create_stdlib_context(
+                        certfile=certfile, keyfile=keyfile
+                    )
                    smtp.ehlo()
-                    smtp.starttls(*self.secure)
+                    smtp.starttls(context=context)
                    smtp.ehlo()
                smtp.login(self.username, self.password)
            smtp.send_message(msg)