Opened 21 months ago
Closed 21 months ago
#34412 closed Bug (duplicate)
TLS/SSL sending mail fails in some servers
| Reported by: | raydeal | Owned by: | nobody |
|---|---|---|---|
| Component: | Core (Mail) | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
After last changes in django.core.mail.backends.smtp.EmailBackend sending email is broken in some mail servers. There is an error ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)
According to Python documentation SSL security and create_default_context I think that working version of implementation is
@cached_property
def ssl_context(self):
if self.ssl_certfile:
ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
else:
ssl_context = ssl.create_default_context()
return ssl_context
Additionally it would be great to clarify in documentation of Django settings what is EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE because a key and certificate can be in one file passed as EMAIL_SSL_CERTFILE and it is enough to pass certificate validation.
Change History (3)
comment:1 by , 21 months ago
| Component: | Uncategorized → Core (Mail) |
|---|
comment:2 by , 21 months ago
comment:3 by , 21 months ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
The proposed implementation in the description matches the code in the commit that Claude mentioned, so marking as a duplicate of #34386.
raydeal, feel free to propose a documentation patch regarding your point in the last sentence. Such a small change doesn't require a ticket.
Did you test before or after this change: [b9d89d74f71c043d5269c]?