Last item of this 4.2 release notes section (https://docs.djangoproject.com/en/4.2/releases/4.2/#miscellaneous) mentions:
EmailBackend now verifies a hostname and certificates. If you need the previous behavior that is less restrictive and not recommended, subclass EmailBackend and override the ssl_context property.
How am I supposed to “go back to the previous behaviour”? How should ssl_context be overriden? Should I just take the source from 4.1.10 and call it done?
Wouldn’t it make sense to revert to the previous behaviour via a settings?
Your questions made me curious enough this morning to want to take a look at this.
I suggest you read the source for django.core.mail.backedns.smtp.EmailBackend, you’ll see that ssl_context is defined as a @cached_property. It appears that the recommendation is that it’s this method that should be overridden.
You’ll see that this context being used comes from Python’s smtp library and that this change in Django is being done as a result of changes being made in Python. I suggest you read through that page to understand what’s going on.
See the following links if you’re interested in the details as it relates to this issue:
So yes, you could go back to the previous code as long as you never implement Python > 3.11. (Obviously, I would never recommend doing that.)
aww crap.
The exim box can only be reached by me so I really need to get rid of this error:
2023-07-10 09:29:37 TLS error on connection from (script) [192.168.x.x] (SSL_accept): error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
This is avoided by taking the code from 4.1.10 (“MyEmailBackend”) and declaring it in settings.
As soon as I use the “standard” django.core.mail.backends.smtp.EmailBackend, things break.
looking into those links…
I am happy with overriding in the correct way (to support 3.12+) … thing is … how?
Part of it may depend upon the mail server.
From the client-side only, you might try setting ssl.CERT_NONE in your EmailBackend class. See the paragraph in Manual Settings
(Note: All conjecture on my part - I’ve never actually had to try any of this. I’m just going by what I’m seeing in the code & docs.)