Merge pull request #6 from tmtm/ssl_context_verify_mode

TLS should not check the host name by default.
ruby · Jul 20, 2020 · 219ba20 · 219ba20
2 parents 58ec00f + bde75a1
commit 219ba20
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb
@@ -583,7 +583,7 @@ def tlsconnect(s)
       s.sync_close = true
       s.hostname = @address if s.respond_to? :hostname=
       ssl_socket_connect(s, @open_timeout)
-      if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+      if @ssl_context.verify_mode && @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
         s.post_connection_check(@address)
       end
       verified = true

diff --git a/test/net/smtp/test_ssl_socket.rb b/test/net/smtp/test_ssl_socket.rb
@@ -53,8 +53,10 @@ def post_connection_check omg
         end
       }
 
+      ssl_context = OpenSSL::SSL::SSLContext.new
+      ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
       connection = MySMTP.new('localhost', 25)
-      connection.enable_starttls_auto
+      connection.enable_starttls_auto(ssl_context)
       connection.fake_tcp = tcp_socket
       connection.fake_ssl = ssl_socket