TLS should not check the host name by default.

[tmtm]

In tlsconnect(), the host name is checked when @ssl_context.verify_mode is not OpenSSL::SSL::VERIFY_NONE, but the verify_mode of @ssl_context generated by default is nil.

[marcandre]

Good catch.
It's clearly listed that "The default mode is VERIFY_NONE, which does not perform any verification at all."

I would have expected OpenSSL::SSL::SSLContext.new.verify_mode not to be nil too.

[znz]

I prefer secure default and easy to disable.

For example, open-uri takes ssl_verify_mode:.

require 'open-uri'
URI.open('https://expired.badssl.com/', ssl_verify_mode: OpenSSL::SSL::VERIFY_NONE, &:read)

[rhenium]

I would have expected OpenSSL::SSL::SSLContext.new.verify_mode not to be nil too.

Agreed. ruby/openssl#386

[rhenium]

The change in this pull request is correct as it currently trying to verify CN/SAN without checking the signature, which is completely useless.

Aside from that, net/smtp should have a better default. In fact, other net/* libraries do verify server certificate by default. (And that's why @ssl_context.verify_mode != OpenSSL::SSL::VERIFY_NONE wasn't an issue for them.)

---

net/* libraries all have different interfaces for SSL/TLS parameters, which I think should be unified at some time, but that's yet another topic.

• net/http: Net::HTTP has attributes (listed in Net::HTTP::SSL_ATTRIBUTES), which will be passed to SSLContext#set_params[*].
• net/ftp: Net::FTP.{open,new} takes a Hash as :ssl keyword, and it will be passed to SSLContext#set_params.
• net/imap: Net::IMAP.new takes as a Hash as :ssl keyword for IMAP over SSL (and Net::IMAP#starttls's first argument, for STARTTLS), and it will passed to SSLContext#set_params.
• net/pop: Net::POP3#enable_ssl (or Net::POP3#enable_ssl) takes a Hash, and it will be passed to SSLContext#set_params.
• net/smtp: Net::SMTP#enable_tls and Net::SMTP#enable_starttls* take a pre-made SSLContext.

[*] SSLContext#set_params is a utility method to set sane default parameters for public internet services (which can be overridden by the Hash passed to the method).

[tmtm]

That's right. I also think net/smtp should be able to connect securely by default.
But that's a different story than this PR.
In this PR, I fixed that net/smtp.rb has a different implementation than the author intended.

[knu]

I agree that calling post_connection_check() does not make sense when verify_mode is not set.