#34504: SSLCertVerificationError on outgoing emails for some mailboxes
-------------------------------------+-------------------------------------
Reporter: Kamen Kalchev | Owner: nobody
Type: Bug | Status: closed
Component: Core (Mail) | Version: 4.2
Severity: Normal | Resolution: needsinfo
Keywords: smtplib, ssl, | Triage Stage:
Django4.2 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):
* status: new => closed
* resolution: => needsinfo
Comment:
Thanks for the ticket, however I don't see much difference between the
current implementation and Python < 3.12 behavior in creating a default
SSL context. The only difference is that now `check_hostname` is set to
`True`, does it work for you with the following diff?
{{{#!diff
diff --git a/django/core/mail/backends/smtp.py
b/django/core/mail/backends/smtp.py
index 1ee48269ae..132bed29be 100644
--- a/django/core/mail/backends/smtp.py
+++ b/django/core/mail/backends/smtp.py
@@ -60,6 +60,7 @@ class EmailBackend(BaseEmailBackend):
if self.ssl_certfile or self.ssl_keyfile:
ssl_context =
ssl.SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
ssl_context.load_cert_chain(self.ssl_certfile,
self.ssl_keyfile)
+ ssl_context.check_hostname = False
return ssl_context
else:
return ssl.create_default_context()
}}}
I'm not sure we'd like to change that.
--
Ticket URL: <https://code.djangoproject.com/ticket/34504#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/0107018798f2ebfe-a585f19d-d43b-4003-9bac-ee78c732b5bd-000000%40eu-central-1.amazonses.com.
