From d11dd701fc1994540e974f23f006ab1231c8903c Mon Sep 17 00:00:00 2001
From: Igor Scheller
Date: Thu, 8 Aug 2024 12:55:42 +0200
Subject: [PATCH] Fixed 35653 -- Removed EMAIL_SSL_CAFILE option in favor of EMAIL_PROVIDERS setting.
---
 django/conf/global_settings.py | 1 -
 django/core/mail/backends/smtp.py | 4 +---
 docs/ref/settings.txt | 17 ++--------------
 docs/releases/5.2.txt | 4 ++--
 docs/topics/email.txt | 8 ++++++--
 tests/mail/tests.py | 14 ++++----------
 6 files changed, 15 insertions(+), 33 deletions(-)
diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index ab46034d61..f4535acb09 100644
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -206,7 +206,6 @@ EMAIL_HOST_USER = ""
 EMAIL_HOST_PASSWORD = ""
 EMAIL_USE_TLS = False
 EMAIL_USE_SSL = False
-EMAIL_SSL_CAFILE = None
 EMAIL_SSL_CERTFILE = None
 EMAIL_SSL_KEYFILE = None
 EMAIL_TIMEOUT = None
diff --git a/django/core/mail/backends/smtp.py b/django/core/mail/backends/smtp.py
index 7dc51165b2..c973296131 100644
--- a/django/core/mail/backends/smtp.py
+++ b/django/core/mail/backends/smtp.py
@@ -45,9 +45,7 @@ class EmailBackend(BaseEmailBackend):
 self.ssl_certfile = (
 settings.EMAIL_SSL_CERTFILE if ssl_certfile is None else ssl_certfile
 )
- self.ssl_cafile = (
- settings.EMAIL_SSL_CAFILE if ssl_cafile is None else ssl_cafile
- )
+ self.ssl_cafile = ssl_cafile
 if self.use_ssl and self.use_tls:
 raise ValueError(
 "EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive, so only set "
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 77ecd550f6..e3a0f6d32a 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
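Review bot: In `django/core/mail/backends/smtp.py`, `self.ssl_cafile = ssl_cafile` is now the one TLS attribute in this run with no settings fallback, so a leftover `EMAIL_SSL_CAFILE` in a settings module is ignored without any error and the deployment quietly loses the CA it meant to validate against. The subject names `EMAIL_PROVIDERS` as the replacement, but nothing in this patch reads it, so for now the CA file can only arrive through an explicit `EmailBackend(ssl_cafile=...)` call or a subclass. I would put a comment above the assignment, `# Constructor-only: there is deliberately no EMAIL_SSL_CAFILE fallback.`, and consider a system check or warning when the removed setting is still defined. `__init__` starts and ends outside the hunk, and how `ssl_cafile` feeds the SSL context is not visible here.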
@@ -1495,17 +1495,6 @@ see the explicit TLS setting :setting:`EMAIL_USE_TLS`. Note that :setting:`EMAIL_USE_TLS`/:setting:`EMAIL_USE_SSL` are mutually exclusive, so only set one of those settings to ``True``. -.. setting:: EMAIL_SSL_CAFILE - -``EMAIL_SSL_CAFILE`` ----------------------- - -Default: ``None`` - -If :setting:`EMAIL_USE_SSL` or :setting:`EMAIL_USE_TLS` is ``True``, you can -optionally specify the path to a PEM-formatted certificate authority -root certificate to validate the SSL connection. - .. setting:: EMAIL_SSL_CERTFILE ``EMAIL_SSL_CERTFILE`` @@ -1528,9 +1517,8 @@ If :setting:`EMAIL_USE_SSL` or :setting:`EMAIL_USE_TLS` is ``True``, you can optionally specify the path to a PEM-formatted private key file to use for the SSL connection. -Note that setting :setting:`EMAIL_SSL_CERTFILE`, :setting:`EMAIL_SSL_KEYFILE` -or :setting:`EMAIL_SSL_CAFILE` doesn't result in any certificate checking. -They're passed to the underlying SSL +Note that setting :setting:`EMAIL_SSL_CERTFILE` and :setting:`EMAIL_SSL_KEYFILE` +doesn't result in any certificate checking. They're passed to the underlying SSL connection. Please refer to the documentation of Python's :meth:`python:ssl.SSLContext.wrap_socket` function for details on how the certificate chain file and private key file are handled. @@ -3643,7 +3631,6 @@ Email * :setting:`EMAIL_HOST_PASSWORD` * :setting:`EMAIL_HOST_USER` * :setting:`EMAIL_PORT` -* :setting:`EMAIL_SSL_CAFILE` * :setting:`EMAIL_SSL_CERTFILE` * :setting:`EMAIL_SSL_KEYFILE` * :setting:`EMAIL_SUBJECT_PREFIX` diff --git a/docs/releases/5.2.txt b/docs/releases/5.2.txt index 419ea210ce..f72c6bc07b 100644 --- a/docs/releases/5.2.txt +++ b/docs/releases/5.2.txt 
@@ -220,8 +220,8 @@ Email returns a boolean indicating whether a provided text is contained in the email ``body`` and in all attached MIME type ``text/*`` alternatives. -* The SMTP email backend now supports certificate validation using a ``cafile`` - with the :setting:`EMAIL_SSL_CAFILE` setting. +* The SMTP :class:`~django.core.mail.backends.smtp.EmailBackend` now supports + certificate validation by setting the new ``ssl_cafile`` parameter. Error Reporting ~~~~~~~~~~~~~~~ diff --git a/docs/topics/email.txt b/docs/topics/email.txt index 36be9b96d5..2389985313 100644 --- a/docs/topics/email.txt +++ b/docs/topics/email.txt @@ -609,7 +609,7 @@ SMTP backend This is the default backend. Email will be sent through a SMTP server. - The value for each argument is retrieved from the matching setting if the + The value for most arguments is retrieved from the matching setting if the argument is ``None``: * ``host``: :setting:`EMAIL_HOST` @@ -621,7 +621,6 @@ SMTP backend * ``timeout``: :setting:`EMAIL_TIMEOUT` * ``ssl_keyfile``: :setting:`EMAIL_SSL_KEYFILE` * ``ssl_certfile``: :setting:`EMAIL_SSL_CERTFILE` - * ``ssl_cafile``: :setting:`EMAIL_SSL_CAFILE` The SMTP backend is the default configuration inherited by Django. If you want to specify it explicitly, put the following in your settings:: @@ -631,6 +630,11 @@ SMTP backend If unspecified, the default ``timeout`` will be the one provided by :func:`socket.getdefaulttimeout()`, which defaults to ``None`` (no timeout). +.. versionchanged:: 5.2 + + The ``ssl_cafile`` argument was added. It must be a ``pem`` formatted + CA certificate which is used to validate the SMTP server certificate. + .. _topic-email-console-backend: Console backend diff --git a/tests/mail/tests.py b/tests/mail/tests.py index 309571c691..e381c7eda0 100644 --- a/tests/mail/tests.py +++ b/tests/mail/tests.py 
@@ -2269,26 +2269,20 @@ class SMTPBackendTests(BaseEmailBackendTests, SMTPBackendTestsBase): backend = smtp.EmailBackend() self.assertFalse(backend.use_ssl) - @override_settings(EMAIL_SSL_CAFILE="foo") - def test_email_ssl_cafile_use_settings(self): - backend = smtp.EmailBackend() - self.assertEqual(backend.ssl_cafile, "foo") - @override_settings(EMAIL_SSL_CERTFILE="foo") def test_email_ssl_certfile_use_settings(self): backend = smtp.EmailBackend() self.assertEqual(backend.ssl_certfile, "foo") - @override_settings(EMAIL_SSL_CAFILE="foo") - def test_email_ssl_cafile_override_settings(self): - backend = smtp.EmailBackend(ssl_cafile="bar") - self.assertEqual(backend.ssl_cafile, "bar") - @override_settings(EMAIL_SSL_CERTFILE="foo") def test_email_ssl_certfile_override_settings(self): backend = smtp.EmailBackend(ssl_certfile="bar") self.assertEqual(backend.ssl_certfile, "bar") + def test_email_set_ssl_cafile(self): + backend = smtp.EmailBackend(ssl_cafile="bar") + self.assertEqual(backend.ssl_cafile, "bar") + def test_email_ssl_cafile_default_disabled(self): backend = smtp.EmailBackend() self.assertIsNone(backend.ssl_cafile)
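Review bot: Nothing in this hunk pins that the removed setting is really ignored: `test_email_ssl_cafile_default_disabled` runs without `EMAIL_SSL_CAFILE` defined, so a regression that starts reading the setting again would still pass. Decorating a test with `@override_settings(EMAIL_SSL_CAFILE="foo")` and asserting `self.assertIsNone(smtp.EmailBackend().ssl_cafile)` would cover that case. The tests visible here also only check that the attribute is stored, not that the CA file is applied when the connection is validated; that may be covered elsewhere in `SMTPBackendTests`, which continues outside the hunk.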