Opened 5 years ago

Closed 2 years ago

#13142 closed New feature (duplicate)

Add support for SSL connections in core.mail.backends.smtp

Reported by: serg.partizan@… Owned by: jwmayfield
Component: Core (Mail) Version: master
Severity: Normal Keywords:
Cc: hraban@…, net147, fizista@…, jason@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: yes UI/UX: no

Description

Current code for smtp backend dont allow using SSL connections to mail server, patch add this support

Attachments (4)

smtp_add_ssl.diff (1.6 KB) - added by serg.partizan@… 5 years ago.
Patch that adds support for ssl connections
smtp_add_ssl-v0.2.diff (1.9 KB) - added by partizan 5 years ago.
this patch with checking python version
smtp_ssl_final.diff (3.8 KB) - added by Wojciech Banaś <fizista@…> 4 years ago.
patch with documentation and default settings
smtp_ssl_final.2.diff (3.5 KB) - added by Wojciech Banaś <fizista@…> 4 years ago.
Removed an unnecessary change. Now the patch is already perfect.

Download all attachments as: .zip

Change History (23)

Changed 5 years ago by serg.partizan@…

Patch that adds support for ssl connections

comment:1 Changed 5 years ago by russellm

  • Needs documentation set
  • Needs tests set
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 5 years ago by kmtracey

  • Patch needs improvement set

smtplib.SMTP_SSL was added with Python 2.6; we need to gracefully handle running on Pythons that don't yet have that support. Patch as currently coded will simply raise an exception on older Pythons. It's probably best to refuse to use it if running on a level that doesn't have it. Probably best to refuse to use it on any level below the one that includes the fix for this Python issue, since it seems that without that fix the module couldn't actually be successfully used. Not sure without some checking what Python 2.6.x release that fix was included in.

Changed 5 years ago by partizan

this patch with checking python version

comment:3 Changed 5 years ago by Hraban <hraban@…>

  • Cc hraban@… added

comment:4 Changed 5 years ago by Hraban <hraban@…>

According to Python docs, SMTP_SSL was not added with Python 2.6, but only its "timeout" parameter (as well as to SMTP plain). Only LMTP is documented to be new in 2.6.
But SMTP_SSL doesn't appear in 2.5 docs, so it seems the docs are incomplete (filed as bug: http://bugs.python.org/issue10315).

comment:5 Changed 4 years ago by lukeplant

  • Type set to New feature

comment:6 Changed 4 years ago by lukeplant

  • Severity set to Normal

comment:7 Changed 4 years ago by net147

  • Cc net147 added

Changed 4 years ago by Wojciech Banaś <fizista@…>

patch with documentation and default settings

comment:8 Changed 4 years ago by Wojciech Banaś <fizista@…>

  • Cc fizista@… added
  • Easy pickings set
  • Needs documentation unset
  • Needs tests unset
  • UI/UX unset

Tested patch for python version 2.6. Has been added documentation and default settings.

Changed 4 years ago by Wojciech Banaś <fizista@…>

Removed an unnecessary change. Now the patch is already perfect.

comment:9 Changed 4 years ago by Wojciech Banaś <fizista@…>

  • Patch needs improvement unset

comment:10 Changed 4 years ago by chomik

  • Needs tests set

comment:11 Changed 4 years ago by jezdez

  • Triage Stage changed from Accepted to Ready for checkin

The docs need info about when the setting was added, but other than that this looks good to me.

comment:12 Changed 4 years ago by PaulM

  • Needs documentation set

I'm going to leave this at RFC, but with the caveat that the docs MUST make it EXTREMELY clear that this setting does not do any form of certificate checking whatsoever. The communications are encrypted over the wire, but an active attacker can snoop on the contents.

It would be nice to have certificate checking, but it's a difficult problem, so I'm ok with adding the feature as-is since it's an interoperability issue.

comment:13 Changed 4 years ago by ramiro

  • Patch needs improvement set
  • Triage Stage changed from Ready for checkin to Accepted

I agree with Karen here. If the Python version in use (< 2.6) is such that no SSL support exists in the smtpliblibrary and the user has requested it with settings.MAIL_USE_SSL = True then the code should refuse to work at deployment time and should show some kind of explanation about the reason.

Otherwise with the latest patch, the user might erroneously think connections to the SMTP server are SSL-encrypted when they fact aren't; giving he/she a false sense of security.

I'm going to move this back to accepted/patch needs improvement. Please move it back to RFC if I'm misunderstanding things.

comment:14 Changed 3 years ago by jwmayfield

  • Owner changed from nobody to jwmayfield
  • Status changed from new to assigned

comment:15 Changed 3 years ago by jwmayfield

  • Cc jason@… added

https://github.com/django/django/pull/347

Fixed #13142 -- Added support for SSL connections in core.mail.backends.smtp

Note: SVN-based patch originally provided by serg.partizan / partizan and Wojciech Banaś in Trac (refer to https://code.djangoproject.com/ticket/13142). (Patch didn't apply cleanly for me.)

This commit includes the work done by those previous, with the following changes:

  • If use_ssl is True, or settings.EMAIL_USE_SSL is True, but the current Python version is less than 2.6, use_ssl is not internally changed to False. Nor does the SMTP backend code raise an exception. We don't need to, because Django 1.5 is dropping support for Python prior to 2.6.
  • This update provides the ability to configure the keyfile and certfile to use with SMTP_SSL.
  • Documentation is updated to specify that this feature is new in 1.5.

comment:16 Changed 3 years ago by jwmayfield

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

comment:17 Changed 3 years ago by apollo13

  • Patch needs improvement set

comment:18 Changed 2 years ago by timo

#17471 is a duplicate which was recently committed but lacks the cert/key file setting options in the PR.

comment:19 Changed 2 years ago by claudep

  • Resolution set to duplicate
  • Status changed from assigned to closed

I opened a new ticket dedicated to the keyfile/certfile issue: #20743

Note: See TracTickets for help on using tickets.
Back to Top