#34524: Error while sending TLS smtp email on "self-signed certificate" server
-----------------------------+--------------------------------------
     Reporter:  Buky         |                    Owner:  nobody
         Type:  Bug          |                   Status:  new
    Component:  Core (Mail)  |                  Version:  4.2
     Severity:  Normal       |               Resolution:
     Keywords:  ssl          |             Triage Stage:  Unreviewed
    Has patch:  0            |      Needs documentation:  0
  Needs tests:  0            |  Patch needs improvement:  0
Easy pickings:  0            |                    UI/UX:  0
-----------------------------+--------------------------------------
Description changed by Buky:

Old description:

> The issue appears in Django 4.2 (tested with Python 3.11 and Python 3.9).
> It works correctly with previous versions of Django: 3.2 and 4.1.
>
> Context: I locally use the
> [https://proton.me/support/protonmail-bridge-install protonmail-bridge]
> solution, which locally binds `IMAP` and `SMTP` ports with `STARTTLS`.
> Then, in my project config, I use the
> [https://docs.djangoproject.com/en/4.2/topics/email/#smtp-backend EmailBackend]
> to connect to the solution and send emails.
>
> Here is the traceback, when I try to send emails with Django 4.2:
> {{{
> Traceback (most recent call last):
>   File "/home/user/my-project/manage.py", line 15, in <module>
>     execute_from_command_line(sys.argv)
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
>     utility.execute()
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/__init__.py", line 436, in execute
>     self.fetch_command(subcommand).run_from_argv(self.argv)
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/base.py", line 412, in run_from_argv
>     self.execute(*args, **cmd_options)
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/base.py", line 458, in execute
>     output = self.handle(*args, **options)
>              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/home/user/my-project/my-app/management/commands/send-mail.py", line 62, in handle
>     send_mail(f"[My subject] {options['subject']}",
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/__init__.py", line 87, in send_mail
>     return mail.send()
>            ^^^^^^^^^^^
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/message.py", line 298, in send
>     return self.get_connection(fail_silently).send_messages([self])
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/backends/smtp.py", line 127, in send_messages
>     new_conn_created = self.open()
>                        ^^^^^^^^^^^
>   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/backends/smtp.py", line 92, in open
>     self.connection.starttls(context=self.ssl_context)
>   File "/usr/lib/python3.11/smtplib.py", line 790, in starttls
>     self.sock = context.wrap_socket(self.sock,
>                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3.11/ssl.py", line 517, in wrap_socket
>     return self.sslsocket_class._create(
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/usr/lib/python3.11/ssl.py", line 1075, in _create
>     self.do_handshake()
>   File "/usr/lib/python3.11/ssl.py", line 1346, in do_handshake
>     self._sslobj.do_handshake()
> ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:992)
> }}}
>
> I found [https://code.djangoproject.com/ticket/34386 another ticket],
> recently created and related to an SSL issue, but the issue isn't
> exactly the same and it doesn't precisely mention when the patch
> will be merged: `[4.2.x] Fixed`.
>
> I have tried to export the TLS certificate and key of the solution and
> add them in my `settings.py` like:
> {{{
> EMAIL_SSL_CERTFILE="/tmp/cert.pem"
> EMAIL_SSL_KEYFILE="/tmp/key.pem"
> }}}
> And to put them in the trust store of the system:
> {{{
> cp /tmp/cert.pem /usr/local/share/ca-certificates/protonmail-bridge.crt
> cp /tmp/key.pem /etc/ssl/privateprotonmail-bridge.key
> update-ca-certificates
> }}}
> But both fixes tested didn't work.

New description:

 The issue appears in Django 4.2 (tested with Python 3.11 and Python 3.9).
 It works correctly with previous versions of Django: 3.2 and 4.1.

 Context: I locally use the
 [https://proton.me/support/protonmail-bridge-install protonmail-bridge]
 solution, which locally binds `IMAP` and `SMTP` ports with `STARTTLS`.
 Then, in my project config, I use the
 [https://docs.djangoproject.com/en/4.2/topics/email/#smtp-backend EmailBackend]
 to connect to the solution and send emails.

 Here is the traceback, when I try to send emails with Django 4.2:
 {{{
 Traceback (most recent call last):
   File "/home/user/my-project/manage.py", line 15, in <module>
     execute_from_command_line(sys.argv)
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/__init__.py", line 442, in execute_from_command_line
     utility.execute()
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/__init__.py", line 436, in execute
     self.fetch_command(subcommand).run_from_argv(self.argv)
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/base.py", line 412, in run_from_argv
     self.execute(*args, **cmd_options)
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/management/base.py", line 458, in execute
     output = self.handle(*args, **options)
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "/home/user/my-project/my-app/management/commands/send-mail.py", line 62, in handle
     send_mail(f"[My subject] {options['subject']}",
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/__init__.py", line 87, in send_mail
     return mail.send()
            ^^^^^^^^^^^
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/message.py", line 298, in send
     return self.get_connection(fail_silently).send_messages([self])
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/backends/smtp.py", line 127, in send_messages
     new_conn_created = self.open()
                        ^^^^^^^^^^^
   File "/home/user/.virtualenvs/env/lib/python3.11/site-packages/django/core/mail/backends/smtp.py", line 92, in open
     self.connection.starttls(context=self.ssl_context)
   File "/usr/lib/python3.11/smtplib.py", line 790, in starttls
     self.sock = context.wrap_socket(self.sock,
                 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "/usr/lib/python3.11/ssl.py", line 517, in wrap_socket
     return self.sslsocket_class._create(
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "/usr/lib/python3.11/ssl.py", line 1075, in _create
     self.do_handshake()
   File "/usr/lib/python3.11/ssl.py", line 1346, in do_handshake
     self._sslobj.do_handshake()
 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:992)
 }}}

 I found [https://code.djangoproject.com/ticket/34386 another ticket],
 recently created and related to an SSL issue, but the issue isn't
 exactly the same and it doesn't precisely mention when the patch
 will be merged: `[4.2.x] Fixed`.

 I have tried to export the TLS certificate and key of the solution and add
 them in my `settings.py` like:
 {{{
 EMAIL_SSL_CERTFILE="/tmp/cert.pem"
 EMAIL_SSL_KEYFILE="/tmp/key.pem"
 }}}
 And to put them in the trust store of the system:
 {{{
 cp /tmp/cert.pem /usr/local/share/ca-certificates/protonmail-bridge.crt
 cp /tmp/key.pem /etc/ssl/private/protonmail-bridge.key
 update-ca-certificates
 }}}
 But both fixes tested didn't work.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/34524#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
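
The certificate roles involved in the report, modelled with Python's `ssl` module as an added example (not code from the ticket or from Django): a client context that only loads a certificate and key as its own identity still has an empty trust store, while loading the server's certificate as a trust anchor lets verification pass with hostname checking left on. Treating the `EMAIL_SSL_CERTFILE`/`EMAIL_SSL_KEYFILE` attempt as `load_cert_chain` is an assumption, and the certificate, the `localhost` name and all helper names are constructed for the demo, which needs the `openssl` CLI.

```python
import ssl, subprocess, tempfile

def make_self_signed(d, host="localhost"):
    # Constructed stand-in for the bridge's exported cert/key; needs the openssl CLI.
    cert, key = f"{d}/cert.pem", f"{d}/key.pem"
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-keyout", key, "-out", cert, "-subj", f"/CN={host}",
                    "-addext", f"subjectAltName=DNS:{host}"], check=True, capture_output=True)
    return cert, key

def step(tls, out_bio, peer_in):
    done = True
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        done = False
    data = out_bio.read()  # bytes this side wants to send to its peer
    if data:
        peer_in.write(data)
    return done

def handshake(client_ctx, server_ctx, hostname):
    # In-memory TLS handshake; returns None on success or the client's verification error.
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    try:
        for _ in range(10):
            c_done = step(client, c_out, s_in)
            s_done = step(server, s_out, c_in)
            if c_done and s_done:
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc
    raise RuntimeError("handshake did not complete")

def demo():
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_self_signed(d)
        server = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        server.load_cert_chain(cert, key)
        # Modelled attempt: files loaded as the client's own identity, trust store left empty.
        identity = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        identity.load_cert_chain(cert, key)
        # Certificate only (never the key) as a trust anchor; CERT_REQUIRED and hostname check stay on.
        pinned = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        pinned.load_verify_locations(cafile=cert)
        return (handshake(identity, server, "localhost"),
                handshake(pinned, server, "localhost"),
                handshake(pinned, server, "other.invalid"))
```

`demo()` returns the outcome of the three handshakes in order: identity-only client, pinned client, and pinned client asking for a name the certificate does not cover.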
