#35653: Support EMAIL_SSL_CERTFILE for private certificate authority
-----------------------------+-----------------------------------------
Reporter: dkaylor | Owner: Igor Scheller
Type: New feature | Status: assigned
Component: Core (Mail) | Version: 4.2
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-----------------------------+-----------------------------------------
Comment (by Mike Edmunds):
This seems like a useful addition, given that:
- Internal private CAs are not all that exotic.
- Django's current documentation seems to suggest that
EMAIL_SSL_CERTIFICATE can be set to a private CA bundle, but this doesn't
actually work.
- Although the problem can be solved by subclassing smtp.EmailBackend to
override ssl_context, that seems to be error prone. A lot of high-ranking
solutions disable certificate checking entirely or introduce other
security issues. (Another common recommendation is downgrading to Django
4.1.)
Question: am I understanding correctly that the proposed `ssl_cafile`
option would also work to securely verify self-signed certs? (That seems
like another semi-common Django email question that generates a lot of
less-secure answers.)
--
Ticket URL: <https://code.djangoproject.com/ticket/35653#comment:12>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
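
The subclassing route mentioned in the comment above, written so that certificate and hostname checks stay on. This is an added example, not code from the ticket or from Django; the setting name `EMAIL_SSL_CAFILE` and the names `build_smtp_context` and `PrivateCAEmailBackend` are hypothetical, and it assumes Django 4.2+, where `smtp.EmailBackend` exposes `ssl_context`.

```python
import ssl
from functools import cached_property

try:
    from django.conf import settings
    from django.core.mail.backends.smtp import EmailBackend
except ImportError:  # keeps build_smtp_context() usable without Django installed
    settings, EmailBackend = None, object


def build_smtp_context(cafile=None, certfile=None, keyfile=None):
    """Return a client TLS context that always verifies the SMTP server.

    cafile: PEM bundle with the private CA certificate(s), or the pinned
    self-signed server certificate. When given, only that bundle is
    trusted; when omitted, the system trust store is used.
    """
    # create_default_context() sets verify_mode=CERT_REQUIRED and
    # check_hostname=True. A missing or unparsable cafile raises
    # OSError / ssl.SSLError, so a bad path fails loudly at connect time.
    context = ssl.create_default_context(cafile=cafile)
    if certfile:
        # Optional client certificate (mutual TLS); keyfile may be None
        # when the key is stored in the same PEM file.
        context.load_cert_chain(certfile, keyfile)
    return context


class PrivateCAEmailBackend(EmailBackend):
    """smtp.EmailBackend variant that trusts a private CA bundle.

    EMAIL_SSL_CAFILE is a hypothetical setting used only in this example.
    """

    @cached_property
    def ssl_context(self):
        cafile = getattr(settings, "EMAIL_SSL_CAFILE", None)
        return build_smtp_context(cafile, self.ssl_certfile, self.ssl_keyfile)
```

To use it, point `EMAIL_BACKEND` at the class and set the hypothetical `EMAIL_SSL_CAFILE` to the PEM bundle path; the server certificate must still carry a subject alternative name matching `EMAIL_HOST`.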