From bde75a15b5bb4be2a1b1a919d4254285d49c5eb1 Mon Sep 17 00:00:00 2001
From: TOMITA Masahiro
Date: Wed, 15 Jul 2020 00:50:16 +0900
Subject: [PATCH] TLS should not check the host name by default.

In tlsconnect(), the host name is checked when @ssl_context.verify_mode is not OpenSSL::SSL::VERIFY_NONE, but the verify_mode of @ssl_context generated by default is nil.
---
 lib/net/smtp.rb | 2 +-
 test/net/smtp/test_ssl_socket.rb | 4 +++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/net/smtp.rb b/lib/net/smtp.rb
index 801f662..c865799 100644
--- a/lib/net/smtp.rb
+++ b/lib/net/smtp.rb
@@ -582,7 +582,7 @@ def tlsconnect(s)
 logging "TLS connection started"
 s.sync_close = true
 ssl_socket_connect(s, @open_timeout)
- if @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
+ if @ssl_context.verify_mode && @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE
 s.post_connection_check(@address)
 end
 verified = true
diff --git a/test/net/smtp/test_ssl_socket.rb b/test/net/smtp/test_ssl_socket.rb
index 342391f..dd9529f 100644
--- a/test/net/smtp/test_ssl_socket.rb
+++ b/test/net/smtp/test_ssl_socket.rb
@@ -53,8 +53,10 @@ def post_connection_check omg
 end
 }
+ ssl_context = OpenSSL::SSL::SSLContext.new
+ ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
 connection = MySMTP.new('localhost', 25)
- connection.enable_starttls_auto
+ connection.enable_starttls_auto(ssl_context)
 connection.fake_tcp = tcp_socket
 connection.fake_ssl = ssl_socket
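Review bot: The added `@ssl_context.verify_mode &&` guard makes a context left at its default (nil, per the commit message) skip `s.post_connection_check(@address)` just like VERIFY_NONE, yet `verified = true` is still set on the next line and nothing records that the peer was never authenticated. Such a session is encrypted but has no host-name check, and presumably no chain verification either since no verify mode was requested, which is worth stating where the decision is made even if it is the intended compatibility default. I would put `# nil (default context) is treated like VERIFY_NONE: no host-name check, peer is unauthenticated` above the condition and add an `else` branch with `logging "TLS peer not verified"`. tlsconnect starts and ends outside the hunk, so how `verified` is consumed afterwards cannot be checked from here.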
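Review bot: Switching the existing test to an explicit VERIFY_PEER context leaves the path this commit changes, `enable_starttls_auto` with no context and a nil verify_mode, without any coverage. A companion test that keeps the bare `connection.enable_starttls_auto` call and asserts that the stubbed `post_connection_check` is never reached would pin the new default and catch an accidental change to it later. The test method starts and ends outside the hunk, so the existing assertions are not visible here.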