[Django] #34412: TLS/SSL sending mail fails in some servers

268 views
Skip to first unread message

Django

unread,
Mar 13, 2023, 4:48:44 PM3/13/23
to django-...@googlegroups.com
#34412: TLS/SSL sending mail fails in some servers
-----------------------------------------+------------------------
Reporter: raydeal | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: dev
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
After last changes in `django.core.mail.backends.smtp.EmailBackend`
sending email is broken in some mail servers. There is an error
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed: unable to get local issuer certificate (_ssl.c:992)

According to Python documentation
[https://docs.python.org/3.12/library/ssl.html#security-considerations SSL
security] and
[https://docs.python.org/3.12/library/ssl.html#ssl.create_default_context
create_default_context] I think that working version of implementation is


{{{
@cached_property
def ssl_context(self):
if self.ssl_certfile:
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
else:
ssl_context = ssl.create_default_context()
return ssl_context
}}}

Additionally it would be great to clarify in documentation of Django
settings what is EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE because a key
and certificate can be in one file passed as EMAIL_SSL_CERTFILE and it is
enough to pass certificate validation.

--
Ticket URL: <https://code.djangoproject.com/ticket/34412>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Mar 13, 2023, 4:50:15 PM3/13/23
to django-...@googlegroups.com
#34412: TLS/SSL sending mail fails in some servers
-----------------------------+--------------------------------------

Reporter: raydeal | Owner: nobody
Type: Bug | Status: new
Component: Core (Mail) | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+--------------------------------------
Changes (by raydeal):

* component: Uncategorized => Core (Mail)


--
Ticket URL: <https://code.djangoproject.com/ticket/34412#comment:1>

Django

unread,
Mar 13, 2023, 5:54:32 PM3/13/23
to django-...@googlegroups.com
#34412: TLS/SSL sending mail fails in some servers
-----------------------------+--------------------------------------
Reporter: raydeal | Owner: nobody
Type: Bug | Status: new
Component: Core (Mail) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+--------------------------------------

Comment (by Claude Paroz):

Did you test before or after this change: [b9d89d74f71c043d5269c]?

--
Ticket URL: <https://code.djangoproject.com/ticket/34412#comment:2>

Django

unread,
Mar 13, 2023, 9:15:09 PM3/13/23
to django-...@googlegroups.com
#34412: TLS/SSL sending mail fails in some servers
-----------------------------+--------------------------------------
Reporter: raydeal | Owner: nobody
Type: Bug | Status: closed

Component: Core (Mail) | Version: dev
Severity: Normal | Resolution: duplicate

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+--------------------------------------
Changes (by Tim Graham):

* status: new => closed
* resolution: => duplicate


Comment:

The proposed implementation in the description matches the code in the
commit that Claude mentioned, so marking as a duplicate of #34386.

raydeal, feel free to propose a documentation patch regarding your point
in the last sentence. Such a small change doesn't require a ticket.

--
Ticket URL: <https://code.djangoproject.com/ticket/34412#comment:3>

Reply all
Reply to author
Forward
0 new messages