From 061a1d612fc76841e3268aaa7053b07075e78dcd Mon Sep 17 00:00:00 2001
From: Simon Brandhof
Date: Fri, 20 Jul 2018 23:23:22 +0200
Subject: [PATCH] SONAR-11071 CWE-297 host of SMTP server certificate is not verified

---
 .../server/notification/email/EmailNotificationChannel.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java b/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java
index ca2236d682c..671a507ac83 100644
--- a/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java
+++ b/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java
@@ -199,6 +199,7 @@ public class EmailNotificationChannel extends NotificationChannel {
   private void configureSecureConnection(SimpleEmail email) {
     if (StringUtils.equalsIgnoreCase(configuration.getSecureConnection(), "ssl")) {
       email.setSSLOnConnect(true);
+      email.setSSLCheckServerIdentity(true);
       email.setSslSmtpPort(String.valueOf(configuration.getSmtpPort()));
 
       // this port is not used except in EmailException message, that's why it's set with the same value than SSL port.
@@ -207,6 +208,7 @@ public class EmailNotificationChannel extends NotificationChannel {
     } else if (StringUtils.equalsIgnoreCase(configuration.getSecureConnection(), "starttls")) {
       email.setStartTLSEnabled(true);
       email.setStartTLSRequired(true);
+      email.setSSLCheckServerIdentity(true);
       email.setSmtpPort(configuration.getSmtpPort());
     } else if (StringUtils.isBlank(configuration.getSecureConnection())) {
       email.setSmtpPort(configuration.getSmtpPort());
-- 
2.39.5
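Review bot: The two new `email.setSSLCheckServerIdentity(true)` calls (one in each hunk) are not covered by any test: the diffstat lists only EmailNotificationChannel.java, so nothing asserts that the mail session built for the "ssl" and "starttls" modes actually carries the server-identity check, and a later edit of this branch chain could drop the call again without anything failing. The reason for the call is also not recorded at the call site; a one-line comment on the first added line would carry it: `// CWE-297 / SONAR-11071: also verify the certificate's host name, not only the trust chain`. If the mail library applies the flag for both SSL-on-connect and STARTTLS, the duplicated line could be hoisted above the `if`/`else if` chain, but keeping it per branch is acceptable as long as the intent is documented. The body of configureSecureConnection continues past the end of the second hunk.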