id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34412	TLS/SSL sending mail fails in some servers	raydeal	nobody	"After last changes in `django.core.mail.backends.smtp.EmailBackend` sending email is broken in some mail servers. There is an error ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)

According to Python documentation [https://docs.python.org/3.12/library/ssl.html#security-considerations SSL security] and [https://docs.python.org/3.12/library/ssl.html#ssl.create_default_context create_default_context] I think that working version of implementation is


{{{
@cached_property
def ssl_context(self):
    if self.ssl_certfile:
       ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
       ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
    else:
       ssl_context = ssl.create_default_context()
    return ssl_context
}}}

Additionally it would be great to clarify in documentation of Django settings what is EMAIL_SSL_CERTFILE and EMAIL_SSL_KEYFILE because a key and certificate can be in one file passed as EMAIL_SSL_CERTFILE and it is enough to pass certificate validation."	Bug	closed	Core (Mail)	dev	Normal	duplicate			Unreviewed	0	0	0	0	0	0