Update to jakarta.mail-api 2.1.0

[adamretter]

This updates to jakarta mail api 2.1.0 and Eclipse Angus as the new API implementation.

However this is not yet working... see eclipse-ee4j/angus-mail#37

[adamretter]

The upshot is that this change requires Java 11 at runtime.

@marcelmay are there any plans to move to Java 11?

[marcelmay]

Sorry @adamretter for the late reply.

I will roll a 2.x alpha 3 in the next few days, and then make Java 11 a requirement for GreenMail 2.x .

[mabartos]

Hello @adamretter! What's the current progress on this? :))

[mabartos]

Suggested change

	<version>1.0.0</version>
	<version>2.0.0</version>

As @lukasj suggested here: eclipse-ee4j/angus-mail#37 (comment)

[adamretter]

@mabartos No progress on my part. Is something needed?

[adamretter]

@mabartos @marcelmay I have now updated this for Eclipse Angus Mail 2.0.1 with is the Jakarta EE implementation of Jakarta Mail. However I am now seeing a couple of failing tests like:

Caused by: java.io.IOException: Can't verify identity of server: 127.0.0.1
	at org.eclipse.angus.mail.util.SocketFetcher.checkServerIdentity(SocketFetcher.java:699)
	at org.eclipse.angus.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:636)
	at org.eclipse.angus.mail.util.SocketFetcher.createSocket(SocketFetcher.java:402)
	at org.eclipse.angus.mail.util.SocketFetcher.getSocket(SocketFetcher.java:215)
	at org.eclipse.angus.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2208)

I am not sure how GreenMail sets up its SSL identity for the host... any pointers?

[mabartos]

@adamretter Have you tried to execute these tests even before the upgrade? AFAIK, it's not possible to execute tests with TLS on a local machine. As in the code, there are no certs or other stuff required for the TLS establishment.

[adamretter]

@mabartos Running mvn clean verify on master seems to show that all tests pass (before my changes).

[marcelmay]

@adamretter , @mabartos - I can have a look on the SSL issue this weekend.
GreenMail uses tweaks for local secure connections.

Configuring GreenMails DummySSLSocketFactory might do the trick, see socket fetch properties:
https://github.com/javaee/javamail/blob/master/mail/src/main/java/com/sun/mail/util/SocketFetcher.java#L87

[marcelmay]

It seems Angus Mail enables mail.<PROTOCOL>.ssl.checkserveridentity by default :
eclipse-ee4j/angus-mail#12

This breaks with JavaMail, as the default was always false:
From https://jakarta.ee/specifications/mail/1.6/apidocs/com/sun/mail/smtp/package-summary.html :

mail.smtp.ssl.checkserveridentity boolean If set to true, check the server identity as specified by RFC 2595. These additional checks based on the content of the server's certificate are intended to prevent man-in-the-middle attacks. Defaults to false.

To fix this, you'll need to set the property to false in GreenMail ServerSetup.java:

        if (isSecure()) {
            ....
            // Required for Angus Mail
            props.setProperty(MAIL_DOT + getProtocol() + ".ssl.checkserveridentity", "false");
        }

[adamretter]

@marcelmay Awesome thanks! I have just added that change now :-)

[adamretter]

@marcelmay would you be able to kick off the CI for this?

[adamretter]

@marcelmay Thanks for kicking off the CI. I just wondered if you perhaps yet had any idea of a timeline for this change to be included and released in a version of GreenMail?

[marcelmay]

I hope to roll 2.0 this weekend, and would also do an initial 2.1 "alpha" (=2.0 + this PR) then.

[marcelmay]

GreenMail 2.0 is out, will do 2.1.0-alpha-1 including this PR next at the beginning of this week.