From 6d25bd4119448c12584f46c5e4cecfe383493170 Mon Sep 17 00:00:00 2001
From: Bob Hageman
Date: Thu, 9 Nov 2023 09:49:22 +0100
Subject: [PATCH] security: fix CWE-297 - improper validation of certificate with host mismatch
---
 src/main/java/foundation/privacybydesign/email/EmailSender.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main/java/foundation/privacybydesign/email/EmailSender.java b/src/main/java/foundation/privacybydesign/email/EmailSender.java
index 42e9e73..5b27af7 100644
--- a/src/main/java/foundation/privacybydesign/email/EmailSender.java
+++ b/src/main/java/foundation/privacybydesign/email/EmailSender.java
@@ -41,6 +41,8 @@ public static void send(String toAddresses, String subject, String body, String
 Session session;
 if (EmailConfiguration.getInstance().getMailUser().length() > 0) {
 props.put("mail.smtp.auth", "true");
+ props.put("mail.smtp.ssl.checkserveridentity", "true");
+
 session = Session.getInstance(props, new Authenticator() {
 @Override
 protected PasswordAuthentication getPasswordAuthentication() {
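Review bot: The added `props.put("mail.smtp.ssl.checkserveridentity", "true");` sits inside the `if (EmailConfiguration.getInstance().getMailUser().length() > 0)` branch, so a session created when no mail user is configured would presumably still skip the hostname check on the server certificate. Setting the property on `props` before the `if` would cover every session built from it; the non-authenticated path and the rest of `send` lie outside the hunk, so confirm there. The check also only matters once TLS is actually negotiated: if the earlier property setup uses opportunistic STARTTLS, setting `mail.smtp.starttls.required` to `"true"` as well prevents a silent fallback to cleartext. A short comment such as `// verify the SMTP server certificate matches the configured host (CWE-297)` would record why the line is there.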