[Django] #34412: TLS/SSL sending mail fails in some servers

[Django]

#34412: TLS/SSL sending mail fails in some servers
-----------------------------------------+------------------------
Reporter: raydeal | Owner: nobody
Type: Bug | Status: new
Component: Uncategorized | Version: dev
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
After last changes in `django.core.mail.backends.smtp.EmailBackend`
sending email is broken in some mail servers. There is an error
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed: unable to get local issuer certificate (_ssl.c:992)

According to Python documentation
[https://docs.python.org/3.12/library/ssl.html#security-considerations SSL
security] and
[https://docs.python.org/3.12/library/ssl.html#ssl.create_default_context
create_default_context] I think that working version of implementation is

{{{
@cached_property
def ssl_context(self):
if self.ssl_certfile:
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
else:
ssl_context = ssl.create_default_context()
return ssl_context
}}}

Additionally it would be great to clarify in documentation of Django
settings what is EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE because a key
and certificate can be in one file passed as EMAIL_SSL_CERTFILE and it is
enough to pass certificate validation.

--
Ticket URL: <https://code.djangoproject.com/ticket/34412>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

[Django]

#34412: TLS/SSL sending mail fails in some servers

-----------------------------+--------------------------------------

Reporter: raydeal | Owner: nobody
Type: Bug | Status: new

Component: Core (Mail) | Version: dev
Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-----------------------------+--------------------------------------
Changes (by raydeal):

* component: Uncategorized => Core (Mail)

--
Ticket URL: <https://code.djangoproject.com/ticket/34412#comment:1>

[Django]

#34412: TLS/SSL sending mail fails in some servers
-----------------------------+--------------------------------------
Reporter: raydeal | Owner: nobody
Type: Bug | Status: new
Component: Core (Mail) | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+--------------------------------------

Comment (by Claude Paroz):

Did you test before or after this change: [b9d89d74f71c043d5269c]?

--
Ticket URL: <https://code.djangoproject.com/ticket/34412#comment:2>

[Django]

#34412: TLS/SSL sending mail fails in some servers
-----------------------------+--------------------------------------
Reporter: raydeal | Owner: nobody

Type: Bug | Status: closed

Component: Core (Mail) | Version: dev

Severity: Normal | Resolution: duplicate

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+--------------------------------------

Changes (by Tim Graham):

* status: new => closed
* resolution: => duplicate

Comment:

The proposed implementation in the description matches the code in the
commit that Claude mentioned, so marking as a duplicate of #34386.

raydeal, feel free to propose a documentation patch regarding your point
in the last sentence. Such a small change doesn't require a ticket.

--
Ticket URL: <https://code.djangoproject.com/ticket/34412#comment:3>