From 28fe4cdcd151a754a1cc69c1ee09d5d9657f2a4c Mon Sep 17 00:00:00 2001
From: Nizamudeen A <nia@redhat.com>
Date: Thu, 30 Oct 2025 10:05:04 +0530
Subject: [PATCH] mgr/alerts: enforce ssl context to SMTP_SSL

Resolves: rhbz#2392901

Fixes: https://github.com/ceph/ceph/security/advisories/GHSA-xj9f-7g59-m4jx
Signed-off-by: Nizamudeen A <nia@redhat.com>
(cherry picked from commit 5f7fc5267e55089eeb1cfc87e9c1215c32439102)
(cherry picked from commit 1167b9de50c8e79e8f3d09014e4d78004abf7547)
---
 src/pybind/mgr/alerts/module.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/pybind/mgr/alerts/module.py b/src/pybind/mgr/alerts/module.py
index 50ec520d346..2374434aea7 100644
--- a/src/pybind/mgr/alerts/module.py
+++ b/src/pybind/mgr/alerts/module.py
@@ -9,6 +9,7 @@ from threading import Event
 from typing import Any, Optional, Dict, List, TYPE_CHECKING, Union
 import json
 import smtplib
+import ssl
 
 
 class Alerts(MgrModule):
@@ -236,9 +237,10 @@ class Alerts(MgrModule):
 
         # send
         try:
+            context = ssl.create_default_context()
             if self.smtp_ssl:
                 server: Union[smtplib.SMTP_SSL, smtplib.SMTP] = \
-                    smtplib.SMTP_SSL(self.smtp_host, self.smtp_port)
+                    smtplib.SMTP_SSL(self.smtp_host, self.smtp_port, context=context)
             else:
                 server = smtplib.SMTP(self.smtp_host, self.smtp_port)
             if self.smtp_password:
-- 
2.47.3