65302de24316b21a3955265203c60cf663067743,src/main/java/org/apache/commons/net/smtp/SMTPSClient.java,SMTPSClient,performSSLNegotiation,#,182

Before Change


        initSSLContext();

        SSLSocketFactory ssf = context.getSocketFactory();
        String ip = getRemoteAddress().getHostAddress();
        int port = getRemotePort();
        SSLSocket socket =
            (SSLSocket) ssf.createSocket(_socket_, ip, port, true);

After Change


        initSSLContext();

        SSLSocketFactory ssf = context.getSocketFactory();
        String host = (_hostname_ != null) ? _hostname_ : getRemoteAddress().getHostAddress();
        int port = getRemotePort();
        SSLSocket socket =
            (SSLSocket) ssf.createSocket(_socket_, host, port, true);
        socket.setEnableSessionCreation(true);
        socket.setUseClientMode(true);

        if (tlsEndpointChecking) {
            SSLSocketUtils.enableEndpointNameVerification(socket);
        }
        if (protocols != null) {
            socket.setEnabledProtocols(protocols);
        }
        if (suites != null) {
            socket.setEnabledCipherSuites(suites);
        }
        socket.startHandshake();

        // TODO the following setup appears to duplicate that in the super class methods
        _socket_ = socket;
        _input_ = socket.getInputStream();
        _output_ = socket.getOutputStream();
        _reader = new CRLFLineReader(
                        new InputStreamReader(_input_, encoding));
        _writer = new BufferedWriter(
                        new OutputStreamWriter(_output_, encoding));

        if (hostnameVerifier != null && !hostnameVerifier.verify(host, socket.getSession())) {
            throw new SSLHandshakeException("Hostname doesn't match certificate");
        }
    }