Fixed 35653 -- Removed EMAIL_SSL_CAFILE option in favor of EMAIL_PROVIDERS setting.

2024-12-22 17:16:24 +00:00 · 2024-08-08 12:55:42 +02:00 · 2024-08-08 12:55:42 +02:00 · d11dd701fc
commit d11dd701fc
parent 495420eec3
6 changed files with 15 additions and 33 deletions
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@ -206,7 +206,6 @@ EMAIL_HOST_USER = ""
 EMAIL_HOST_PASSWORD = ""
 EMAIL_USE_TLS = False
 EMAIL_USE_SSL = False
-EMAIL_SSL_CAFILE = None
 EMAIL_SSL_CERTFILE = None
 EMAIL_SSL_KEYFILE = None
 EMAIL_TIMEOUT = None
--- a/django/core/mail/backends/smtp.py
+++ b/django/core/mail/backends/smtp.py
@ -45,9 +45,7 @@ class EmailBackend(BaseEmailBackend):
        self.ssl_certfile = (
            settings.EMAIL_SSL_CERTFILE if ssl_certfile is None else ssl_certfile
        )
-        self.ssl_cafile = (
-            settings.EMAIL_SSL_CAFILE if ssl_cafile is None else ssl_cafile
-        )
+        self.ssl_cafile = ssl_cafile
        if self.use_ssl and self.use_tls:
            raise ValueError(
                "EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive, so only set "
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@ -1495,17 +1495,6 @@ see the explicit TLS setting :setting:`EMAIL_USE_TLS`.
 Note that :setting:`EMAIL_USE_TLS`/:setting:`EMAIL_USE_SSL` are mutually
 exclusive, so only set one of those settings to ``True``.

-.. setting:: EMAIL_SSL_CAFILE
-
-``EMAIL_SSL_CAFILE``
----------------------
-
-Default: ``None``
-
-If :setting:`EMAIL_USE_SSL` or :setting:`EMAIL_USE_TLS` is ``True``, you can
-optionally specify the path to a PEM-formatted certificate authority
-root certificate to validate the SSL connection.
-
 .. setting:: EMAIL_SSL_CERTFILE

 ``EMAIL_SSL_CERTFILE``
@ -1528,9 +1517,8 @@ If :setting:`EMAIL_USE_SSL` or :setting:`EMAIL_USE_TLS` is ``True``, you can
 optionally specify the path to a PEM-formatted private key file to use for the
 SSL connection.

-Note that setting :setting:`EMAIL_SSL_CERTFILE`, :setting:`EMAIL_SSL_KEYFILE`
-or :setting:`EMAIL_SSL_CAFILE` doesn't result in any certificate checking.
-They're passed to the underlying SSL
+Note that setting :setting:`EMAIL_SSL_CERTFILE` and :setting:`EMAIL_SSL_KEYFILE`
+doesn't result in any certificate checking. They're passed to the underlying SSL
 connection. Please refer to the documentation of Python's
 :meth:`python:ssl.SSLContext.wrap_socket` function for details on how the
 certificate chain file and private key file are handled.
@ -3643,7 +3631,6 @@ Email
 * :setting:`EMAIL_HOST_PASSWORD`
 * :setting:`EMAIL_HOST_USER`
 * :setting:`EMAIL_PORT`
-* :setting:`EMAIL_SSL_CAFILE`
 * :setting:`EMAIL_SSL_CERTFILE`
 * :setting:`EMAIL_SSL_KEYFILE`
 * :setting:`EMAIL_SUBJECT_PREFIX`
--- a/docs/releases/5.2.txt
+++ b/docs/releases/5.2.txt
@ -220,8 +220,8 @@ Email
  returns a boolean indicating whether a provided text is contained in the
  email ``body`` and in all attached MIME type ``text/*`` alternatives.

-* The SMTP email backend now supports certificate validation using a ``cafile``
-  with the :setting:`EMAIL_SSL_CAFILE` setting.
+* The SMTP :class:`~django.core.mail.backends.smtp.EmailBackend` now supports
+  certificate validation by setting the new ``ssl_cafile`` parameter.

 Error Reporting
 ~~~~~~~~~~~~~~~
--- a/docs/topics/email.txt
+++ b/docs/topics/email.txt
@ -609,7 +609,7 @@ SMTP backend

    This is the default backend. Email will be sent through a SMTP server.

-    The value for each argument is retrieved from the matching setting if the
+    The value for most arguments is retrieved from the matching setting if the
    argument is ``None``:

    * ``host``: :setting:`EMAIL_HOST`
@ -621,7 +621,6 @@ SMTP backend
    * ``timeout``: :setting:`EMAIL_TIMEOUT`
    * ``ssl_keyfile``: :setting:`EMAIL_SSL_KEYFILE`
    * ``ssl_certfile``: :setting:`EMAIL_SSL_CERTFILE`
-    * ``ssl_cafile``: :setting:`EMAIL_SSL_CAFILE`

    The SMTP backend is the default configuration inherited by Django. If you
    want to specify it explicitly, put the following in your settings::
@ -631,6 +630,11 @@ SMTP backend
    If unspecified, the default ``timeout`` will be the one provided by
    :func:`socket.getdefaulttimeout()`, which defaults to ``None`` (no timeout).

+.. versionchanged:: 5.2
+
+    The ``ssl_cafile`` argument was added. It must be a ``pem`` formatted
+    CA certificate which is used to validate the SMTP server certificate.
+
 .. _topic-email-console-backend:

 Console backend
--- a/tests/mail/tests.py
+++ b/tests/mail/tests.py
@ -2269,26 +2269,20 @@ class SMTPBackendTests(BaseEmailBackendTests, SMTPBackendTestsBase):
        backend = smtp.EmailBackend()
        self.assertFalse(backend.use_ssl)

-    @override_settings(EMAIL_SSL_CAFILE="foo")
-    def test_email_ssl_cafile_use_settings(self):
-        backend = smtp.EmailBackend()
-        self.assertEqual(backend.ssl_cafile, "foo")
-
    @override_settings(EMAIL_SSL_CERTFILE="foo")
    def test_email_ssl_certfile_use_settings(self):
        backend = smtp.EmailBackend()
        self.assertEqual(backend.ssl_certfile, "foo")

-    @override_settings(EMAIL_SSL_CAFILE="foo")
-    def test_email_ssl_cafile_override_settings(self):
-        backend = smtp.EmailBackend(ssl_cafile="bar")
-        self.assertEqual(backend.ssl_cafile, "bar")
-
    @override_settings(EMAIL_SSL_CERTFILE="foo")
    def test_email_ssl_certfile_override_settings(self):
        backend = smtp.EmailBackend(ssl_certfile="bar")
        self.assertEqual(backend.ssl_certfile, "bar")

+    def test_email_set_ssl_cafile(self):
+        backend = smtp.EmailBackend(ssl_cafile="bar")
+        self.assertEqual(backend.ssl_cafile, "bar")
+
    def test_email_ssl_cafile_default_disabled(self):
        backend = smtp.EmailBackend()
        self.assertIsNone(backend.ssl_cafile)