From: Simon Brandhof
Date: Wed, 25 Jul 2018 08:14:30 +0000 (+0200)
Subject: SONAR-11071 CWE-297 host of SMTP server certificate is not verified
X-Git-Tag: 6.7.5~19
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3a64b9e09439b66821d0539b721868f37a7cb110;p=sonarqube.git
SONAR-11071 CWE-297 host of SMTP server certificate is not verified
---
diff --git a/server/sonar-server/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java b/server/sonar-server/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java
index fe4b126ba37..bd6d0246923 100644
--- a/server/sonar-server/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java
+++ b/server/sonar-server/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java
@@ -188,6 +188,7 @@ public class EmailNotificationChannel extends NotificationChannel {
 private void configureSecureConnection(SimpleEmail email) {
 if (StringUtils.equalsIgnoreCase(configuration.getSecureConnection(), "ssl")) {
 email.setSSLOnConnect(true);
+ email.setSSLCheckServerIdentity(true);
 email.setSslSmtpPort(String.valueOf(configuration.getSmtpPort()));
 // this port is not used except in EmailException message, that's why it's set with the same value than SSL port.
@@ -196,6 +197,7 @@ public class EmailNotificationChannel extends NotificationChannel {
 } else if (StringUtils.equalsIgnoreCase(configuration.getSecureConnection(), "starttls")) {
 email.setStartTLSEnabled(true);
 email.setStartTLSRequired(true);
+ email.setSSLCheckServerIdentity(true);
 email.setSmtpPort(configuration.getSmtpPort());
 } else if (StringUtils.isBlank(configuration.getSecureConnection())) {
 email.setSmtpPort(configuration.getSmtpPort());
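Review bot: `email.setSSLCheckServerIdentity(true)` is set separately in the `ssl` branch and again in the `starttls` branch (second hunk), so a secure mode added later can miss it and quietly reintroduce the CWE-297 gap. As far as I know commons-email only applies this flag when SSL-on-connect or STARTTLS is enabled, so it could be set once before the `if` chain, with a why-comment such as `// CWE-297: the certificate must match the configured SMTP host, not merely chain to a trusted CA`. Installations that address the SMTP server by IP or by an alias missing from its certificate will presumably start failing to send after this change, which deserves a line in the upgrade notes. configureSecureConnection continues past the end of the second hunk, so how unrecognised `getSecureConnection()` values are handled is not visible here.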