mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-06-10 22:19:13 +00:00
Code Issues 32 Releases Wiki Activity

Fixed 35653 -- Removed EMAIL_SSL_CAFILE option in favor of EMAIL_PROVIDERS setting.

Browse Source
This commit is contained in:
Igor Scheller 2024-08-08 12:55:42 +02:00
parent 495420eec3
commit d11dd701fc
6 changed files with 15 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
django/conf/global_settings.py
View File

@ -206,7 +206,6 @@ EMAIL_HOST_USER = ""
EMAIL_HOST_PASSWORD = "" EMAIL_HOST_PASSWORD = ""
EMAIL_USE_TLS = False EMAIL_USE_TLS = False
EMAIL_USE_SSL = False EMAIL_USE_SSL = False
EMAIL_SSL_CAFILE = None
EMAIL_SSL_CERTFILE = None EMAIL_SSL_CERTFILE = None
EMAIL_SSL_KEYFILE = None EMAIL_SSL_KEYFILE = None
EMAIL_TIMEOUT = None EMAIL_TIMEOUT = None

4
django/core/mail/backends/smtp.py
View File

@ -45,9 +45,7 @@ class EmailBackend(BaseEmailBackend):
self.ssl_certfile = ( self.ssl_certfile = (
settings.EMAIL_SSL_CERTFILE if ssl_certfile is None else ssl_certfile settings.EMAIL_SSL_CERTFILE if ssl_certfile is None else ssl_certfile
) )
self.ssl_cafile = ( self.ssl_cafile = ssl_cafile
settings.EMAIL_SSL_CAFILE if ssl_cafile is None else ssl_cafile
)
if self.use_ssl and self.use_tls: if self.use_ssl and self.use_tls:
raise ValueError( raise ValueError(
"EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive, so only set " "EMAIL_USE_TLS/EMAIL_USE_SSL are mutually exclusive, so only set "

17
docs/ref/settings.txt
View File

@ -1495,17 +1495,6 @@ see the explicit TLS setting :setting:`EMAIL_USE_TLS`.
Note that :setting:`EMAIL_USE_TLS`/:setting:`EMAIL_USE_SSL` are mutually Note that :setting:`EMAIL_USE_TLS`/:setting:`EMAIL_USE_SSL` are mutually
exclusive, so only set one of those settings to ``True``. exclusive, so only set one of those settings to ``True``.
.. setting:: EMAIL_SSL_CAFILE
``EMAIL_SSL_CAFILE``
----------------------
Default: ``None``
If :setting:`EMAIL_USE_SSL` or :setting:`EMAIL_USE_TLS` is ``True``, you can
optionally specify the path to a PEM-formatted certificate authority
root certificate to validate the SSL connection.
.. setting:: EMAIL_SSL_CERTFILE .. setting:: EMAIL_SSL_CERTFILE
``EMAIL_SSL_CERTFILE`` ``EMAIL_SSL_CERTFILE``
@ -1528,9 +1517,8 @@ If :setting:`EMAIL_USE_SSL` or :setting:`EMAIL_USE_TLS` is ``True``, you can
optionally specify the path to a PEM-formatted private key file to use for the optionally specify the path to a PEM-formatted private key file to use for the
SSL connection. SSL connection.
Note that setting :setting:`EMAIL_SSL_CERTFILE`, :setting:`EMAIL_SSL_KEYFILE` Note that setting :setting:`EMAIL_SSL_CERTFILE` and :setting:`EMAIL_SSL_KEYFILE`
or :setting:`EMAIL_SSL_CAFILE` doesn't result in any certificate checking. doesn't result in any certificate checking. They're passed to the underlying SSL
They're passed to the underlying SSL
connection. Please refer to the documentation of Python's connection. Please refer to the documentation of Python's
:meth:`python:ssl.SSLContext.wrap_socket` function for details on how the :meth:`python:ssl.SSLContext.wrap_socket` function for details on how the
certificate chain file and private key file are handled. certificate chain file and private key file are handled.
@ -3643,7 +3631,6 @@ Email
* :setting:`EMAIL_HOST_PASSWORD` * :setting:`EMAIL_HOST_PASSWORD`
* :setting:`EMAIL_HOST_USER` * :setting:`EMAIL_HOST_USER`
* :setting:`EMAIL_PORT` * :setting:`EMAIL_PORT`
* :setting:`EMAIL_SSL_CAFILE`
* :setting:`EMAIL_SSL_CERTFILE` * :setting:`EMAIL_SSL_CERTFILE`
* :setting:`EMAIL_SSL_KEYFILE` * :setting:`EMAIL_SSL_KEYFILE`
* :setting:`EMAIL_SUBJECT_PREFIX` * :setting:`EMAIL_SUBJECT_PREFIX`

4
docs/releases/5.2.txt
View File

@ -220,8 +220,8 @@ Email
returns a boolean indicating whether a provided text is contained in the returns a boolean indicating whether a provided text is contained in the
email ``body`` and in all attached MIME type ``text/*`` alternatives. email ``body`` and in all attached MIME type ``text/*`` alternatives.
* The SMTP email backend now supports certificate validation using a ``cafile`` * The SMTP :class:`~django.core.mail.backends.smtp.EmailBackend` now supports
with the :setting:`EMAIL_SSL_CAFILE` setting. certificate validation by setting the new ``ssl_cafile`` parameter.
Error Reporting Error Reporting
~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~

8
docs/topics/email.txt
View File

@ -609,7 +609,7 @@ SMTP backend
This is the default backend. Email will be sent through a SMTP server. This is the default backend. Email will be sent through a SMTP server.
The value for each argument is retrieved from the matching setting if the The value for most arguments is retrieved from the matching setting if the
argument is ``None``: argument is ``None``:
* ``host``: :setting:`EMAIL_HOST` * ``host``: :setting:`EMAIL_HOST`
@ -621,7 +621,6 @@ SMTP backend
* ``timeout``: :setting:`EMAIL_TIMEOUT` * ``timeout``: :setting:`EMAIL_TIMEOUT`
* ``ssl_keyfile``: :setting:`EMAIL_SSL_KEYFILE` * ``ssl_keyfile``: :setting:`EMAIL_SSL_KEYFILE`
* ``ssl_certfile``: :setting:`EMAIL_SSL_CERTFILE` * ``ssl_certfile``: :setting:`EMAIL_SSL_CERTFILE`
* ``ssl_cafile``: :setting:`EMAIL_SSL_CAFILE`
The SMTP backend is the default configuration inherited by Django. If you The SMTP backend is the default configuration inherited by Django. If you
want to specify it explicitly, put the following in your settings:: want to specify it explicitly, put the following in your settings::
@ -631,6 +630,11 @@ SMTP backend
If unspecified, the default ``timeout`` will be the one provided by If unspecified, the default ``timeout`` will be the one provided by
:func:`socket.getdefaulttimeout()`, which defaults to ``None`` (no timeout). :func:`socket.getdefaulttimeout()`, which defaults to ``None`` (no timeout).
.. versionchanged:: 5.2
The ``ssl_cafile`` argument was added. It must be a ``pem`` formatted
CA certificate which is used to validate the SMTP server certificate.
.. _topic-email-console-backend: .. _topic-email-console-backend:
Console backend Console backend

14
tests/mail/tests.py
View File

@ -2269,26 +2269,20 @@ class SMTPBackendTests(BaseEmailBackendTests, SMTPBackendTestsBase):
backend = smtp.EmailBackend() backend = smtp.EmailBackend()
self.assertFalse(backend.use_ssl) self.assertFalse(backend.use_ssl)
@override_settings(EMAIL_SSL_CAFILE="foo")
def test_email_ssl_cafile_use_settings(self):
backend = smtp.EmailBackend()
self.assertEqual(backend.ssl_cafile, "foo")
@override_settings(EMAIL_SSL_CERTFILE="foo") @override_settings(EMAIL_SSL_CERTFILE="foo")
def test_email_ssl_certfile_use_settings(self): def test_email_ssl_certfile_use_settings(self):
backend = smtp.EmailBackend() backend = smtp.EmailBackend()
self.assertEqual(backend.ssl_certfile, "foo") self.assertEqual(backend.ssl_certfile, "foo")
@override_settings(EMAIL_SSL_CAFILE="foo")
def test_email_ssl_cafile_override_settings(self):
backend = smtp.EmailBackend(ssl_cafile="bar")
self.assertEqual(backend.ssl_cafile, "bar")
@override_settings(EMAIL_SSL_CERTFILE="foo") @override_settings(EMAIL_SSL_CERTFILE="foo")
def test_email_ssl_certfile_override_settings(self): def test_email_ssl_certfile_override_settings(self):
backend = smtp.EmailBackend(ssl_certfile="bar") backend = smtp.EmailBackend(ssl_certfile="bar")
self.assertEqual(backend.ssl_certfile, "bar") self.assertEqual(backend.ssl_certfile, "bar")
def test_email_set_ssl_cafile(self):
backend = smtp.EmailBackend(ssl_cafile="bar")
self.assertEqual(backend.ssl_cafile, "bar")
def test_email_ssl_cafile_default_disabled(self): def test_email_ssl_cafile_default_disabled(self):
backend = smtp.EmailBackend() backend = smtp.EmailBackend()
self.assertIsNone(backend.ssl_cafile) self.assertIsNone(backend.ssl_cafile)