security: fix CWE-297 - improper validation of certificate with host …

…mismatch
privacybydesign · Nov 9, 2023 · 6d25bd4 · 6d25bd4
1 parent 1a6aef3
commit 6d25bd4
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/src/main/java/foundation/privacybydesign/email/EmailSender.java b/src/main/java/foundation/privacybydesign/email/EmailSender.java
@@ -41,6 +41,8 @@ public static void send(String toAddresses, String subject, String body, String
         Session session;
         if (EmailConfiguration.getInstance().getMailUser().length() > 0) {
             props.put("mail.smtp.auth", "true");
+            props.put("mail.smtp.ssl.checkserveridentity", "true");
+
             session = Session.getInstance(props, new Authenticator() {
                 @Override
                 protected PasswordAuthentication getPasswordAuthentication() {