From 7dfc4ddeff267d041499e2e345df66c55d26cc58 Mon Sep 17 00:00:00 2001 From: John Viklund Date: Thu, 11 Aug 2016 16:09:09 +0200 Subject: [PATCH] Bypass hostname verification with sendemail.sslVerify With the introduction of [1] certificates without or with a non-matching hostname would trigger a CertificateException. Not setting the SSLParameters when sslVerify is set to false should allow such certificates when using TLS. [1] https://gerrit-review.googlesource.com/#/c/75724/ Change-Id: I0411fc8d4defe456727602a508a68d731b7777da --- .../java/org/apache/commons/net/smtp/AuthSMTPClient.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java b/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java index ece982da8a..d24d179954 100644 --- a/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java +++ b/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java @@ -57,9 +57,11 @@ public class AuthSMTPClient extends SMTPClient { _socket_ = sslFactory(verify).createSocket(_socket_, hostname, port, true); - SSLParameters sslParams = new SSLParameters(); - sslParams.setEndpointIdentificationAlgorithm("HTTPS"); - ((SSLSocket)_socket_).setSSLParameters(sslParams); + if (verify) { + SSLParameters sslParams = new SSLParameters(); + sslParams.setEndpointIdentificationAlgorithm("HTTPS"); + ((SSLSocket)_socket_).setSSLParameters(sslParams); + } // XXX: Can't call _connectAction_() because SMTP server doesn't // give banner information again after STARTTLS, thus SMTP._connectAction_()