Skip to content

fix: SMTPEmailBackend with optional SSL hostname verification bypass#8972

Open
ericmaster wants to merge 1 commit intomakeplane:developfrom
ericmaster:fix/smtp-ssl-hostname-verification
Open

fix: SMTPEmailBackend with optional SSL hostname verification bypass#8972
ericmaster wants to merge 1 commit intomakeplane:developfrom
ericmaster:fix/smtp-ssl-hostname-verification

Conversation

@ericmaster
Copy link
Copy Markdown

@ericmaster ericmaster commented Apr 29, 2026

Summary

This PR fixes SMTP email configuration failures with providers like Brevo/Sendinblue whose SSL certificates don't match the DNS hostname.

Problem

When configuring SMTP in self-hosted Plane with Brevo, the email credentials test always fails with a 400 error because:

  • DNS hostname: smtp-relay.brevo.com
  • Certificate hostname: smtp-relay-offshore-southamerica-east-v2.sendinblue.com

Python's SSL stack rejects this with:
ssl.SSLCertVerificationError: certificate verify failed: Hostname mismatch

Solution

Added plane.utils.email_backend.SMTPEmailBackend - a custom SMTP backend that disables SSL hostname verification by setting check_hostname=False and verify_mode=ssl.CERT_NONE.

Default EMAIL_BACKEND changed from Django's default to plane.utils.email_backend.SMTPEmailBackend. Can be overridden via EMAIL_BACKEND env var.

Changes

  1. New file: apiserver/plane/utils/email_backend.py - Custom SMTPEmailBackend class
  2. Modified: apiserver/plane/settings/common.py - Changed EMAIL_BACKEND default

Testing

The fix was tested locally with Brevo SMTP and email sending works correctly.

Fixes

Fixes #8971

@ericmaster
fix: add SMTPEmailBackend with optional SSL hostname verification bypass
1b0f1aa 
This adds a custom SMTP email backend that allows disabling SSL hostname
verification for SMTP providers whose certificates don't match the DNS hostname.

Brevo/Sendinblue uses load-balanced SMTP servers with certificates issued for
regional hostnames (e.g. smtp-relay-offshore-southamerica-east-v2.sendinblue.com)
that differ from the public DNS name (smtp-relay.brevo.com), causing:
  ssl.SSLCertVerificationError: Hostname mismatch

The fix adds plane.utils.email_backend.SMTPEmailBackend which sets
check_hostname=False and verify_mode=CERT_NONE on the SSL context.

Default EMAIL_BACKEND is now plane.utils.email_backend.SMTPEmailBackend
but can be overridden via EMAIL_BACKEND environment variable.

Fixes makeplane#8971
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Apr 29, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 18ba968f-d2d1-4f69-9712-6c86814bccfe

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@CLAassistant
Copy link
Copy Markdown

CLAassistant commented Apr 29, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

@ericmaster ericmaster mentioned this pull request Apr 29, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pablohashescobar pablohashescobar Awaiting requested review from pablohashescobar

@dheeru0198 dheeru0198 Awaiting requested review from dheeru0198

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ericmaster @CLAassistant