[SECURITY-1851]

jenkinsci · Sep 10, 2020 · ac039ba · ac039ba
1 parent c446306
commit ac039ba
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/src/main/java/hudson/plugins/emailext/ExtendedEmailPublisherDescriptor.java b/src/main/java/hudson/plugins/emailext/ExtendedEmailPublisherDescriptor.java
@@ -300,6 +300,13 @@ public Session createSession(String from) throws MessagingException {
                 props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
             }
             props.put("mail.smtp.socketFactory.fallback", "false");
+
+            // RFC 2595 specifies additional checks that must be performed on the server's
+            // certificate to ensure that the server you connected to is the server you intended
+            // to connect to. This reduces the risk of "man in the middle" attacks.
+            if (props.getProperty("mail.smtp.ssl.checkserveridentity") == null) {
+                props.put("mail.smtp.ssl.checkserveridentity", "true");
+            }
         }
         if (!StringUtils.isBlank(acc.getSmtpUsername())) {
             props.put("mail.smtp.auth", "true");