== How to fix it in Java EE

=== Code examples

include::../../common/fix/code-rationale.adoc[]

:cert_variable_name: mail.smtp.ssl.checkserveridentity
:cert_variable_safe_value: true

include::../../common/fix/code-rationale-explicit.adoc[]

==== Noncompliant code example

[source,java,diff-id=11,diff-type=noncompliant]
----
import java.util.Properties;

public Properties prepareEmailConnection() {
    Properties props = new Properties();

    props.put("mail.smtp.host", "smtp.gmail.com");
    props.put("mail.smtp.socketFactory.port", "465");
    props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory"); // Noncompliant
    props.put("mail.smtp.auth", "true");
    props.put("mail.smtp.port", "465");

    return props;
}
----

==== Compliant solution

[source,java,diff-id=11,diff-type=compliant]
----
import java.util.Properties;

public Properties prepareEmailConnection() {
    Properties props = new Properties();

    props.put("mail.smtp.host", "smtp.gmail.com");
    props.put("mail.smtp.socketFactory.port", "465");
    props.put("mail.smtp.ssl.checkserveridentity", true);
    props.put("mail.smtp.socketFactory.class", "javax.net.ssl.SSLSocketFactory");
    props.put("mail.smtp.auth", "true");
    props.put("mail.smtp.port", "465");

    return props;
}
----

=== How does this work?

include::../../common/fix/validation.adoc[]

include::../../common/fix/keytool.adoc[]