Skip to content

Commit

Permalink
Merge pull request #36 from privacybydesign/fix-insecure-smtp-ssl
Browse files Browse the repository at this point in the history 
Fix CWE-297 - improper validation of certificate with host mismatch
  • Loading branch information
@bobhageman
bobhageman authored Nov 15, 2023
2 parents 1a6aef3 + 6d25bd4 commit 56b5891
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/main/java/foundation/privacybydesign/email/EmailSender.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,8 @@ public static void send(String toAddresses, String subject, String body, String
Session session;
if (EmailConfiguration.getInstance().getMailUser().length() > 0) {
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.ssl.checkserveridentity", "true");

session = Session.getInstance(props, new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
Expand Down

0 comments on commit 56b5891

Please sign in to comment.