Opened 20 months ago

Closed 20 months ago

Last modified 20 months ago

#34550 closed Bug (duplicate)

Send email with EMAIL_USE_TLS=True but get SSL error.

Reported by: aliceni81 Owned by: nobody
Component: Core (Mail) Version: 4.2
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When I upgrade django from 4.1.8 to 4.2.1, I cannot send email by STMP.

My setting is:
EMAIL_USE_TLS = True
EMAIL_USE_SSL = False
EMAIL_SSL_CERTFILE = None
EMAIL_SSL_KEYFILE = None

The error is:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1007) : Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/django_q/cluster.py", line 432, in worker
res = f(*taskargs, taskkwargs)
File "/usr/local/lib/python3.10/site-packages/django_q_email/backends.py", line 48, in send_message
email_message.send()
File "/usr/local/lib/python3.10/site-packages/django/core/mail/message.py", line 298, in send
return self.get_connection(fail_silently).send_messages([self])
File "/usr/local/lib/python3.10/site-packages/django/core/mail/backends/smtp.py", line 127, in send_messages
new_conn_created = self.open()
File "/usr/local/lib/python3.10/site-packages/django/core/mail/backends/smtp.py", line 92, in open
self.connection.starttls(context=self.ssl_context)
File "/usr/local/lib/python3.10/smtplib.py", line 790, in starttls
self.sock = context.wrap_socket(self.sock,
File "/usr/local/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake()
File "/usr/local/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1007)

When I downgrade django to 4.1.8, the error is gone.
I find that in the file core/mail/backends/smtp.py

@cached_property
def ssl_context(self):
    if self.ssl_certfile or self.ssl_keyfile:
        ssl_context = ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
        ssl_context.load_cert_chain(self.ssl_certfile, self.ssl_keyfile)
        return ssl_context
    else:
        return ssl.create_default_context()

causes the error in

if not self.use_ssl and self.use_tls:
    self.connection.starttls(context=self.ssl_context)

Change History (2)

comment:1 by Mariusz Felisiak, 20 months ago

Resolution: duplicate
Status: newclosed

Duplicate of #34504, see comment and release notes:

"EmailBackend now verifies a hostname and certificates. If you need the previous behavior that is less restrictive and not recommended, subclass EmailBackend and override the ssl_context property."

comment:2 by Mariusz Felisiak, 20 months ago

Summary: Send email with EMAIL_USE_TLS=True but get SSL error - [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1007)Send email with EMAIL_USE_TLS=True but get SSL error.
Note: See TracTickets for help on using tickets.
Back to Top