Google Git
Sign in
gerrit/gerrit/7dfc4ddeff267d041499e2e345df66c55d26cc58^!/.
commit
7dfc4ddeff267d041499e2e345df66c55d26cc58
[log]
author
John Viklund <john.viklund@effnet.com>
Thu Aug 11 16:09:09 2016 +0200
committer
John Viklund <john.viklund@effnet.com>
Fri Aug 12 07:52:23 2016 +0200
tree
b5d9a05056b3ded3654a6fccfb8016bffd0e320e
parent
46dd51319836c1f5fb8a74a59335bf6081af1695 [diff]
Bypass hostname verification with sendemail.sslVerify

With the introduction of [1] certificates without or with a
non-matching hostname would trigger a CertificateException.
Not setting the SSLParameters when sslVerify is set to false should
allow such certificates when using TLS.

[1] https://gerrit-review.googlesource.com/#/c/75724/

Change-Id: I0411fc8d4defe456727602a508a68d731b7777da

diff --git a/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java b/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java
index ece982d..d24d179 100644
--- a/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java
+++ b/gerrit-patch-commonsnet/src/main/java/org/apache/commons/net/smtp/AuthSMTPClient.java

@@ -57,9 +57,11 @@
 
     _socket_ = sslFactory(verify).createSocket(_socket_, hostname, port, true);
 
-    SSLParameters sslParams = new SSLParameters();
-    sslParams.setEndpointIdentificationAlgorithm("HTTPS");
-    ((SSLSocket)_socket_).setSSLParameters(sslParams);
+    if (verify) {
+      SSLParameters sslParams = new SSLParameters();
+      sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+      ((SSLSocket)_socket_).setSSLParameters(sslParams);
+    }
 
     // XXX: Can't call _connectAction_() because SMTP server doesn't
     // give banner information again after STARTTLS, thus SMTP._connectAction_()