diff options
| author | Simon Brandhof <simon.brandhof@sonarsource.com> | 2018-07-20 23:23:22 +0200 |
|---|---|---|
| committer | SonarTech <sonartech@sonarsource.com> | 2018-07-25 20:21:19 +0200 |
| commit | 061a1d612fc76841e3268aaa7053b07075e78dcd (patch) | |
| tree | 5e7fa3ebcaffa468752c7f16788a97e80ce838f4 /server/sonar-server-common/src | |
| parent | dba703a9b1c3b69c46674bd8b203ec52ccde7a09 (diff) | |
| download | sonarqube-061a1d612fc76841e3268aaa7053b07075e78dcd.tar.gz sonarqube-061a1d612fc76841e3268aaa7053b07075e78dcd.zip | |
SONAR-11071 CWE-297 host of SMTP server certificate is not verified
Diffstat (limited to 'server/sonar-server-common/src')
| -rw-r--r-- | server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java b/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java index ca2236d682c..671a507ac83 100644 --- a/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java +++ b/server/sonar-server-common/src/main/java/org/sonar/server/notification/email/EmailNotificationChannel.java @@ -199,6 +199,7 @@ public class EmailNotificationChannel extends NotificationChannel { private void configureSecureConnection(SimpleEmail email) { if (StringUtils.equalsIgnoreCase(configuration.getSecureConnection(), "ssl")) { email.setSSLOnConnect(true); + email.setSSLCheckServerIdentity(true); email.setSslSmtpPort(String.valueOf(configuration.getSmtpPort())); // this port is not used except in EmailException message, that's why it's set with the same value than SSL port. @@ -207,6 +208,7 @@ public class EmailNotificationChannel extends NotificationChannel { } else if (StringUtils.equalsIgnoreCase(configuration.getSecureConnection(), "starttls")) { email.setStartTLSEnabled(true); email.setStartTLSRequired(true); + email.setSSLCheckServerIdentity(true); email.setSmtpPort(configuration.getSmtpPort()); } else if (StringUtils.isBlank(configuration.getSecureConnection())) { email.setSmtpPort(configuration.getSmtpPort()); |