[REM] base: use of PyOpenSSLContext in mail server

The mail server mostly doesn't use the intrinsic features of
`PyOpenSSLContext`, instead it pretty much just uses the underlying
`OpenSSL.SSL.Context`, just through the wrapper.

The only thing it actually uses from `PyOpenSSLContext` is
`load_cert_chain`, and since we are using a keyfile and are not using
a password this is equivalent to *two* function calls. Just perform
those two calls directly, remove all the indirections, and remove the
unnecessary import.

Bonus content: since 2.0 `load_cert_chain` reraises the inner errors
as `ssl.SSLError` which we don't handle, so we avoid this extra issue.

This was discovered because from 2.0.0 to 2.0.4 the
`contrib.pyopenssl` module was marked as deprecated (it was
undeprecated in 2.0.5) but regardless its use is an unnecessary
complication here.

closes odoo#137198

X-original-commit: e534bbe
Signed-off-by: Xavier Morel (xmo) <[email protected]>

odoo/addons/base/models/ir_mail_server.py

@@ -18,8 +18,7 @@
 from socket import gaierror, timeout
 from OpenSSL import crypto as SSLCrypto
 from OpenSSL.crypto import Error as SSLCryptoError, FILETYPE_PEM
-from OpenSSL.SSL import Error as SSLError
-from urllib3.contrib.pyopenssl import PyOpenSSLContext
+from OpenSSL.SSL import Context as SSLContext, Error as SSLError
 
 from odoo import api, fields, models, tools, _
 from odoo.exceptions import UserError
@@ -338,15 +337,15 @@ def connect(self, host=None, port=None, user=None, password=None, encryption=Non
                and mail_server.smtp_ssl_certificate
                and mail_server.smtp_ssl_private_key):
                 try:
-                    ssl_context = PyOpenSSLContext(ssl.PROTOCOL_TLS)
+                    ssl_context = SSLContext(ssl.PROTOCOL_TLS)
                     smtp_ssl_certificate = base64.b64decode(mail_server.smtp_ssl_certificate)
                     certificate = SSLCrypto.load_certificate(FILETYPE_PEM, smtp_ssl_certificate)
                     smtp_ssl_private_key = base64.b64decode(mail_server.smtp_ssl_private_key)
                     private_key = SSLCrypto.load_privatekey(FILETYPE_PEM, smtp_ssl_private_key)
-                    ssl_context._ctx.use_certificate(certificate)
-                    ssl_context._ctx.use_privatekey(private_key)
+                    ssl_context.use_certificate(certificate)
+                    ssl_context.use_privatekey(private_key)
                     # Check that the private key match the certificate
-                    ssl_context._ctx.check_privatekey()
+                    ssl_context.check_privatekey()
                 except SSLCryptoError as e:
                     raise UserError(_('The private key or the certificate is not a valid file. \n%s', str(e)))
                 except SSLError as e:
@@ -372,10 +371,11 @@ def connect(self, host=None, port=None, user=None, password=None, encryption=Non
 
             if smtp_ssl_certificate_filename and smtp_ssl_private_key_filename:
                 try:
-                    ssl_context = PyOpenSSLContext(ssl.PROTOCOL_TLS)
-                    ssl_context.load_cert_chain(smtp_ssl_certificate_filename, keyfile=smtp_ssl_private_key_filename)
+                    ssl_context = SSLContext(ssl.PROTOCOL_TLS)
+                    ssl_context.use_certificate_chain_file(smtp_ssl_certificate_filename)
+                    ssl_context.use_privatekey_file(smtp_ssl_private_key_filename)
                     # Check that the private key match the certificate
-                    ssl_context._ctx.check_privatekey()
+                    ssl_context.check_privatekey()
                 except SSLCryptoError as e:
                     raise UserError(_('The private key or the certificate is not a valid file. \n%s', str(e)))
                 except SSLError as e: