[Django] #34550: Send email with EMAIL_USE_TLS=True but get SSL error - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1007)
Django
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
certificate (_ssl.c:1007)
---------------------------------------+------------------------
Reporter: aliceni81 | Owner: nobody
Type: Bug | Status: new
Component: Core (Mail) | Version: 4.2
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
---------------------------------------+------------------------
When I upgrade django from 4.1.8 to 4.2.1, I cannot send email by STMP.
My setting is:
EMAIL_USE_TLS = True
EMAIL_USE_SSL = False
EMAIL_SSL_CERTFILE = None
EMAIL_SSL_KEYFILE = None
The error is:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
certificate (_ssl.c:1007) : Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/django_q/cluster.py", line
432, in worker
res = f(*task["args"], **task["kwargs"])
File "/usr/local/lib/python3.10/site-packages/django_q_email/backends.py",
line 48, in send_message
email_message.send()
File "/usr/local/lib/python3.10/site-
packages/django/core/mail/message.py", line 298, in send
return self.get_connection(fail_silently).send_messages([self])
File "/usr/local/lib/python3.10/site-
packages/django/core/mail/backends/smtp.py", line 127, in send_messages
new_conn_created = self.open()
File "/usr/local/lib/python3.10/site-
packages/django/core/mail/backends/smtp.py", line 92, in open
self.connection.starttls(context=self.ssl_context)
File "/usr/local/lib/python3.10/smtplib.py", line 790, in starttls
self.sock = context.wrap_socket(self.sock,
File "/usr/local/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake()
File "/usr/local/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed: self signed certificate (_ssl.c:1007)
When I downgrade django to 4.1.8, the error is gone.
I find that in the file ''core/mail/backends/smtp.py''
{{{
@cached_property
def ssl_context(self):
if self.ssl_certfile or self.ssl_keyfile:
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
return ssl_context
else:
return ssl.create_default_context()
}}}
causes the error in
{{{
if not self.use_ssl and self.use_tls:
self.connection.starttls(context=self.ssl_context)
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/34550>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
certificate (_ssl.c:1007)
Reporter: aliceni81 | Owner: nobody
Type: Bug | Status: closed
Component: Core (Mail) | Version: 4.2
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Mariusz Felisiak):
* status: new => closed
* resolution: => duplicate
Comment:
Duplicate of #34504, see
[https://code.djangoproject.com/ticket/34524#comment:3 comment] and
[https://docs.djangoproject.com/en/4.2/releases/4.2/#miscellaneous release
notes]:
> ''"EmailBackend now verifies a hostname and certificates. If you need
the previous behavior that is less restrictive and not recommended,
subclass EmailBackend and override the ssl_context property."''
--
Ticket URL: <https://code.djangoproject.com/ticket/34550#comment:1>