﻿id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34524	"Error while sending TLS smtp email on ""self-signed certificate"" server"	Buky	nobody	"The issue appears in Django 4.2 (tested with Python 3.11 and Python 3.9). 
It works correctly with previous versions of Django: 3.2 and 4.1.

Context: I locally use the [https://proton.me/support/protonmail-bridge-install protonmail-bridge] solution, which locally binds `IMAP` and `SMTP` ports with `STARTTLS`. Then, in my project config, I use the [https://docs.djangoproject.com/en/4.2/topics/email/#smtp-backend EmailBackend] to connect to the solution and send emails.

Here is the traceback, when I try to send emails with Django 4.2:
{{{
Traceback (most recent call last):
  File ""/home/user/my-project/manage.py"", line 15, in <module>
    execute_from_command_line(sys.argv)
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/__init__.py"", line 442, in execute_from_command_line
    utility.execute()
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/__init__.py"", line 436, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/base.py"", line 412, in run_from_argv
    self.execute(*args, **cmd_options)
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/base.py"", line 458, in execute
    output = self.handle(*args, **options)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ""/home/user/my-project/my-app/management/commands/send-mail.py"", line 62, in handle
    send_mail(f""[My subject] {options['subject']}"",
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/__init__.py"", line 87, in send_mail
    return mail.send()
           ^^^^^^^^^^^
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/message.py"", line 298, in send
    return self.get_connection(fail_silently).send_messages([self])
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/backends/smtp.py"", line 127, in send_messages
    new_conn_created = self.open()
                       ^^^^^^^^^^^
  File ""/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/backends/smtp.py"", line 92, in open
    self.connection.starttls(context=self.ssl_context)
  File ""/usr/lib/python3.11/smtplib.py"", line 790, in starttls
    self.sock = context.wrap_socket(self.sock,
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ""/usr/lib/python3.11/ssl.py"", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ""/usr/lib/python3.11/ssl.py"", line 1075, in _create
    self.do_handshake()
  File ""/usr/lib/python3.11/ssl.py"", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:992)
}}}

I found [https://code.djangoproject.com/ticket/34386 another ticket], recently created, related to an SSL issue, but the issue isn't exactly the same and the issue doesn't precisely mention when the patch will be merged: `[4.2.x] Fixed`.

I have tried to export the TLS certificate and key of the solution and add them in my `settings.py` like:
{{{
EMAIL_SSL_CERTFILE=""/tmp/cert.pem""
EMAIL_SSL_KEYFILE=""/tmp/key.pem""
}}}
And to put them in the trust store of the system:
{{{
cp /tmp/cert.pem /usr/local/share/ca-certificates/protonmail-bridge.crt
cp /tmp/key.pem /etc/ssl/private/protonmail-bridge.key
update-ca-certificates
}}}
But neither test worked.

I suppose the [https://docs.python.org/3/library/ssl.html#self-signed-certificates ssl] lib needs an extra argument to allow an SSL context with a self-signed certificate.
"	Bug	new	Core (Mail)	4.2	Normal		ssl		Unreviewed	0	0	0	0	0	0
