Opened 15 years ago

Closed 12 years ago

#13142 closed New feature (duplicate)

Add support for SSL connections in core.mail.backends.smtp

Reported by: serg.partizan@… Owned by: Jason Mayfield
Component: Core (Mail) Version: dev
Severity: Normal Keywords:
Cc: hraban@…, net147, fizista@…, jason@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: yes UI/UX: no

Description

Current code for smtp backend dont allow using SSL connections to mail server, patch add this support

Attachments (4)

smtp_add_ssl.diff (1.6 KB ) - added by serg.partizan@… 15 years ago.
Patch that adds support for ssl connections
smtp_add_ssl-v0.2.diff (1.9 KB ) - added by Sergey Tereschenko 15 years ago.
this patch with checking python version
smtp_ssl_final.diff (3.8 KB ) - added by Wojciech Banaś <fizista@…> 13 years ago.
patch with documentation and default settings
smtp_ssl_final.2.diff (3.5 KB ) - added by Wojciech Banaś <fizista@…> 13 years ago.
Removed an unnecessary change. Now the patch is already perfect.

Download all attachments as: .zip

Change History (23)

by serg.partizan@…, 15 years ago

Attachment: smtp_add_ssl.diff added

Patch that adds support for ssl connections

comment:1 by Russell Keith-Magee, 15 years ago

Needs documentation: set
Needs tests: set
Triage Stage: UnreviewedAccepted

comment:2 by Karen Tracey, 15 years ago

Patch needs improvement: set

smtplib.SMTP_SSL was added with Python 2.6; we need to gracefully handle running on Pythons that don't yet have that support. Patch as currently coded will simply raise an exception on older Pythons. It's probably best to refuse to use it if running on a level that doesn't have it. Probably best to refuse to use it on any level below the one that includes the fix for this Python issue, since it seems that without that fix the module couldn't actually be successfully used. Not sure without some checking what Python 2.6.x release that fix was included in.

by Sergey Tereschenko, 15 years ago

Attachment: smtp_add_ssl-v0.2.diff added

this patch with checking python version

comment:3 by Hraban <hraban@…>, 14 years ago

Cc: hraban@… added

comment:4 by Hraban <hraban@…>, 14 years ago

According to Python docs, SMTP_SSL was not added with Python 2.6, but only its "timeout" parameter (as well as to SMTP plain). Only LMTP is documented to be new in 2.6.
But SMTP_SSL doesn't appear in 2.5 docs, so it seems the docs are incomplete (filed as bug: http://bugs.python.org/issue10315).

comment:5 by Luke Plant, 14 years ago

Type: New feature

comment:6 by Luke Plant, 14 years ago

Severity: Normal

comment:7 by net147, 14 years ago

Cc: net147 added

by Wojciech Banaś <fizista@…>, 13 years ago

Attachment: smtp_ssl_final.diff added

patch with documentation and default settings

comment:8 by Wojciech Banaś <fizista@…>, 13 years ago

Cc: fizista@… added
Easy pickings: set
Needs documentation: unset
Needs tests: unset
UI/UX: unset

Tested patch for python version 2.6. Has been added documentation and default settings.

by Wojciech Banaś <fizista@…>, 13 years ago

Attachment: smtp_ssl_final.2.diff added

Removed an unnecessary change. Now the patch is already perfect.

comment:9 by Wojciech Banaś <fizista@…>, 13 years ago

Patch needs improvement: unset

comment:10 by chomik, 13 years ago

Needs tests: set

comment:11 by Jannis Leidel, 13 years ago

Triage Stage: AcceptedReady for checkin

The docs need info about when the setting was added, but other than that this looks good to me.

comment:12 by Paul McMillan, 13 years ago

Needs documentation: set

I'm going to leave this at RFC, but with the caveat that the docs MUST make it EXTREMELY clear that this setting does not do any form of certificate checking whatsoever. The communications are encrypted over the wire, but an active attacker can snoop on the contents.

It would be nice to have certificate checking, but it's a difficult problem, so I'm ok with adding the feature as-is since it's an interoperability issue.

comment:13 by Ramiro Morales, 13 years ago

Patch needs improvement: set
Triage Stage: Ready for checkinAccepted

I agree with Karen here. If the Python version in use (< 2.6) is such that no SSL support exists in the smtpliblibrary and the user has requested it with settings.MAIL_USE_SSL = True then the code should refuse to work at deployment time and should show some kind of explanation about the reason.

Otherwise with the latest patch, the user might erroneously think connections to the SMTP server are SSL-encrypted when they fact aren't; giving he/she a false sense of security.

I'm going to move this back to accepted/patch needs improvement. Please move it back to RFC if I'm misunderstanding things.

comment:14 by Jason Mayfield, 12 years ago

Owner: changed from nobody to Jason Mayfield
Status: newassigned

comment:15 by Jason Mayfield, 12 years ago

Cc: jason@… added

https://github.com/django/django/pull/347

Fixed #13142 -- Added support for SSL connections in core.mail.backends.smtp

Note: SVN-based patch originally provided by serg.partizan / partizan and Wojciech Banaś in Trac (refer to https://code.djangoproject.com/ticket/13142). (Patch didn't apply cleanly for me.)

This commit includes the work done by those previous, with the following changes:

  • If use_ssl is True, or settings.EMAIL_USE_SSL is True, but the current Python version is less than 2.6, use_ssl is not internally changed to False. Nor does the SMTP backend code raise an exception. We don't need to, because Django 1.5 is dropping support for Python prior to 2.6.
  • This update provides the ability to configure the keyfile and certfile to use with SMTP_SSL.
  • Documentation is updated to specify that this feature is new in 1.5.

comment:16 by Jason Mayfield, 12 years ago

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

comment:17 by Florian Apolloner, 12 years ago

Patch needs improvement: set

comment:18 by Tim Graham, 12 years ago

#17471 is a duplicate which was recently committed but lacks the cert/key file setting options in the PR.

comment:19 by Claude Paroz, 12 years ago

Resolution: duplicate
Status: assignedclosed

I opened a new ticket dedicated to the keyfile/certfile issue: #20743

Note: See TracTickets for help on using tickets.
Back to Top