#34412 closed Bug (duplicate)

TLS/SSL sending mail fails in some servers

Reported by: raydeal Owned by: nobody
Component: Core (Mail) Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

After last changes in django.core.mail.backends.smtp.EmailBackend sending email is broken in some mail servers. There is an error ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)

According to Python documentation SSL security and create_default_context I think that working version of implementation is

@cached_property
def ssl_context(self):
    if self.ssl_certfile:
       ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
       ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
    else:
       ssl_context = ssl.create_default_context()
    return ssl_context

Additionally it would be great to clarify in documentation of Django settings what is EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE because a key and certificate can be in one file passed as EMAIL_SSL_CERTFILE and it is enough to pass certificate validation.

Change History (3)

comment:1 by raydeal, 20 months ago

Component: UncategorizedCore (Mail)

comment:2 by Claude Paroz, 20 months ago

Did you test before or after this change: [b9d89d74f71c043d5269c]?

comment:3 by Tim Graham, 20 months ago

Resolution: duplicate
Status: newclosed

The proposed implementation in the description matches the code in the commit that Claude mentioned, so marking as a duplicate of #34386.

raydeal, feel free to propose a documentation patch regarding your point in the last sentence. Such a small change doesn't require a ticket.

Note: See TracTickets for help on using tickets.
Back to Top