Opened 15 years ago
Closed 11 years ago
#13142 closed New feature (duplicate)
Add support for SSL connections in core.mail.backends.smtp
Reported by: | Owned by: | Jason Mayfield | |
---|---|---|---|
Component: | Core (Mail) | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | hraban@…, net147, fizista@…, jason@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | yes | UI/UX: | no |
Description
Current code for smtp backend dont allow using SSL connections to mail server, patch add this support
Attachments (4)
Change History (23)
by , 15 years ago
Attachment: | smtp_add_ssl.diff added |
---|
comment:1 by , 15 years ago
Needs documentation: | set |
---|---|
Needs tests: | set |
Triage Stage: | Unreviewed → Accepted |
comment:2 by , 15 years ago
Patch needs improvement: | set |
---|
smtplib.SMTP_SSL
was added with Python 2.6; we need to gracefully handle running on Pythons that don't yet have that support. Patch as currently coded will simply raise an exception on older Pythons. It's probably best to refuse to use it if running on a level that doesn't have it. Probably best to refuse to use it on any level below the one that includes the fix for this Python issue, since it seems that without that fix the module couldn't actually be successfully used. Not sure without some checking what Python 2.6.x release that fix was included in.
comment:3 by , 14 years ago
Cc: | added |
---|
comment:4 by , 14 years ago
According to Python docs, SMTP_SSL was not added with Python 2.6, but only its "timeout" parameter (as well as to SMTP plain). Only LMTP is documented to be new in 2.6.
But SMTP_SSL doesn't appear in 2.5 docs, so it seems the docs are incomplete (filed as bug: http://bugs.python.org/issue10315).
comment:5 by , 14 years ago
Type: | → New feature |
---|
comment:6 by , 14 years ago
Severity: | → Normal |
---|
comment:7 by , 14 years ago
Cc: | added |
---|
by , 13 years ago
Attachment: | smtp_ssl_final.diff added |
---|
patch with documentation and default settings
comment:8 by , 13 years ago
Cc: | added |
---|---|
Easy pickings: | set |
Needs documentation: | unset |
Needs tests: | unset |
UI/UX: | unset |
Tested patch for python version 2.6. Has been added documentation and default settings.
by , 13 years ago
Attachment: | smtp_ssl_final.2.diff added |
---|
Removed an unnecessary change. Now the patch is already perfect.
comment:9 by , 13 years ago
Patch needs improvement: | unset |
---|
comment:10 by , 13 years ago
Needs tests: | set |
---|
comment:11 by , 13 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
The docs need info about when the setting was added, but other than that this looks good to me.
comment:12 by , 13 years ago
Needs documentation: | set |
---|
I'm going to leave this at RFC, but with the caveat that the docs MUST make it EXTREMELY clear that this setting does not do any form of certificate checking whatsoever. The communications are encrypted over the wire, but an active attacker can snoop on the contents.
It would be nice to have certificate checking, but it's a difficult problem, so I'm ok with adding the feature as-is since it's an interoperability issue.
comment:13 by , 13 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Ready for checkin → Accepted |
I agree with Karen here. If the Python version in use (< 2.6) is such that no SSL support exists in the smtplib
library and the user has requested it with settings.MAIL_USE_SSL = True
then the code should refuse to work at deployment time and should show some kind of explanation about the reason.
Otherwise with the latest patch, the user might erroneously think connections to the SMTP server are SSL-encrypted when they fact aren't; giving he/she a false sense of security.
I'm going to move this back to accepted/patch needs improvement. Please move it back to RFC if I'm misunderstanding things.
comment:14 by , 12 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:15 by , 12 years ago
Cc: | added |
---|
https://github.com/django/django/pull/347
Fixed #13142 -- Added support for SSL connections in core.mail.backends.smtp
Note: SVN-based patch originally provided by serg.partizan / partizan and Wojciech Banaś in Trac (refer to https://code.djangoproject.com/ticket/13142). (Patch didn't apply cleanly for me.)
This commit includes the work done by those previous, with the following changes:
- If use_ssl is True, or settings.EMAIL_USE_SSL is True, but the current Python version is less than 2.6, use_ssl is not internally changed to False. Nor does the SMTP backend code raise an exception. We don't need to, because Django 1.5 is dropping support for Python prior to 2.6.
- This update provides the ability to configure the keyfile and certfile to use with SMTP_SSL.
- Documentation is updated to specify that this feature is new in 1.5.
comment:16 by , 12 years ago
Needs documentation: | unset |
---|---|
Needs tests: | unset |
Patch needs improvement: | unset |
comment:17 by , 12 years ago
Patch needs improvement: | set |
---|
See my notes on the PR: https://github.com/django/django/pull/347#issuecomment-8599632
comment:18 by , 11 years ago
#17471 is a duplicate which was recently committed but lacks the cert/key file setting options in the PR.
comment:19 by , 11 years ago
Resolution: | → duplicate |
---|---|
Status: | assigned → closed |
I opened a new ticket dedicated to the keyfile/certfile issue: #20743
Patch that adds support for ssl connections