SMTP Cert/Key Configuration

we use the docker container getindico/indico:3.0 for Indico.
To send emails we would need to specify a matching cert and key file (our email server only allows certain fingerprints through).
Everything is actually available in the code for this - only the corresponding conf variables are not used.

 self.ssl_keyfile = (
            if ssl_keyfile is None
            else ssl_keyfile
        self.ssl_certfile = (
            if ssl_certfile is None
            else ssl_certfile
  if not self.use_ssl and self.use_tls:
                    keyfile=self.ssl_keyfile, certfile=self.ssl_certfile

But the Keys EMAIL_SSL_KEYFILE and EMAIL_SSL_CERTFILE are not passed.

def configure_emails(app, config):
    # TODO: use more straightforward mapping between EMAIL_* app settings and indico.conf settings
    app.config['EMAIL_BACKEND'] = 'indico.vendor.django_mail.backends.smtp.EmailBackend'
    app.config['EMAIL_HOST'] = config.SMTP_SERVER[0]
    app.config['EMAIL_PORT'] = config.SMTP_SERVER[1]
    app.config['EMAIL_HOST_USER'] = config.SMTP_LOGIN
    app.config['EMAIL_HOST_PASSWORD'] = config.SMTP_PASSWORD
    app.config['EMAIL_USE_TLS'] = config.SMTP_USE_TLS
    app.config['EMAIL_USE_SSL'] = False
    app.config['EMAIL_TIMEOUT'] = config.SMTP_TIMEOUT

So currently we patch two files -

app.config['EMAIL_SSL_KEYFILE'] = config.SMTP_KEYFILE

and indico/core/ (to set defaults → None).
With these patches we build an additional docker image.

This is unfortunately quite inconvenient (especially when indico is updated you always have to check if the patches still fit) - so I wanted to ask if I just overlooked something how to pass a cert/key file ?

So far nobody asked for this - and honestly, I’m surprised that people actually do TLS client cert auth for SMTP. Seems so much more straightforward to just have a randomly generated token/password.

Anyway, if you send a PR (3.0.x) branch we can add this. Please also make sure to add it in and settings.rst