当由于内部服务器错误而尝试向管理员发送电子邮件时，Django 无法正确启动TLS

Question

我有一个非常奇怪的问题。当发生内部服务器错误时，Django 1.6 尝试向管理员发送电子邮件，显然它同意邮件服务器使用 TLS，但随后无法使用它。这是嗅探到的流量:

T 2a00:1450:400c:c0c::6d:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 [AP]
  220 smtp.gmail.com ESMTP lh1sm2677557wjb.20 - gsmtp..                      
##
T 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 -> 2a00:1450:400c:c0c::6d:587 [AP]
  ehlo peneios.cressendo.org..                                               
##
T 2a00:1450:400c:c0c::6d:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 [AP]
  250-smtp.gmail.com at your service, [2001:648:2ffc:1014:a800:ff:fe6b:e499].
  .250-SIZE 35882577..250-8BITMIME..250-STARTTLS..250-ENHANCEDSTATUSCODES..25
  0-PIPELINING..250-CHUNKING..250 SMTPUTF8..                                 
#
T 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 -> 2a00:1450:400c:c0c::6d:587 [AP]
  STARTTLS..                                                                 
#
T 2a00:1450:400c:c0c::6d:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 [AP]
  220 2.0.0 Ready to start TLS..                                             
#
T 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 -> 2a00:1450:400c:c0c::6d:587 [AP]
  mail FROM:<<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="0b6564796e7b67724b63726f79647868647b6e256c79" rel="noreferrer noopener nofollow">[email protected]</a>> size=6578..                              
#
T 2a00:1450:400c:c0c::6d:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:49271 [AP]
  ......F                              

如您所见，虽然邮件服务器同意启动 TLS，但 Django 随后发送了一条未加密的 mail FROM: 指令。

但是如果我使用 ./manage.py shell 连接到 Django 并运行:

from django.core.mail import mail_admins
mail_admins('hello', 'hello world')

电子邮件发送正确:

T 2a00:1450:400c:c09::6c:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:53565 [AP]
  220 smtp.gmail.com ESMTP i2sm2684051wjx.42 - gsmtp..                       
##
T 2001:648:2ffc:1014:a800:ff:fe6b:e499:53565 -> 2a00:1450:400c:c09::6c:587 [AP]
  ehlo peneios.cressendo.org..                                               
##
T 2a00:1450:400c:c09::6c:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:53565 [AP]
  250-smtp.gmail.com at your service, [2001:648:2ffc:1014:a800:ff:fe6b:e499].
  .250-SIZE 35882577..250-8BITMIME..250-STARTTLS..250-ENHANCEDSTATUSCODES..25
  0-PIPELINING..250-CHUNKING..250 SMTPUTF8..                                 
#
T 2001:648:2ffc:1014:a800:ff:fe6b:e499:53565 -> 2a00:1450:400c:c09::6c:587 [AP]
  STARTTLS..                                                                 
#
T 2a00:1450:400c:c09::6c:587 -> 2001:648:2ffc:1014:a800:ff:fe6b:e499:53565 [AP]
  220 2.0.0 Ready to start TLS..                                             
#
T 2001:648:2ffc:1014:a800:ff:fe6b:e499:53565 -> 2a00:1450:400c:c09::6c:587 [AP]
  ...........z/x....%....y.F.F..i..8.._w...S...z.0.,.2.../.+.1.-.........(.$.
  ....*.&.....k.j.9.8.'.#.....).%<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="200e0e0e0e0e470e600e130e120e0e0e0e0e0e0e0e0e0e0e0e0e650e64" rel="noreferrer noopener nofollow">[email protected]</a>.........=.5.<./
[practically nothing readable from this point on]

Answer 1

我发现了问题。

使用 ./manage.py shell 运行系统与通过 Web 服务器运行系统之间的区别在于，后者使用的是 gevent。该系统运行的是 Debian 的 gevent 1.0.1，它有一个 bug在 SSL 代码中。这在 Django 启动 TLS 时引发了异常。

Django 没有在错误处立即停止，而是假装错误没有发生并继续尝试发送电子邮件，这导致了嗅探中显示的奇怪行为。这是Django bug .