opendev/gerrit
Code Issues Proposed changes

Bypass hostname verification with sendemail.sslVerify

Browse Source 
With the introduction of [1] certificates without or with a
non-matching hostname would trigger a CertificateException.
Not setting the SSLParameters when sslVerify is set to false should
allow such certificates when using TLS.

[1] https://gerrit-review.googlesource.com/#/c/75724/

Change-Id: I0411fc8d4defe456727602a508a68d731b7777da
This commit is contained in:
John Viklund
2016-08-11 16:09:09 +02:00
parent 46dd513198
commit 7dfc4ddeff
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java
View File

@@ -57,9 +57,11 @@ public class AuthSMTPClient extends SMTPClient {
_socket_ = sslFactory(verify).createSocket(_socket_, hostname, port, true);
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLSocket)_socket_).setSSLParameters(sslParams);
if (verify) {
SSLParameters sslParams = new SSLParameters();
sslParams.setEndpointIdentificationAlgorithm("HTTPS");
((SSLSocket)_socket_).setSSLParameters(sslParams);
}
// XXX: Can't call _connectAction_() because SMTP server doesn't
// give banner information again after STARTTLS, thus SMTP._connectAction_()