From 8eac124fb99dfe619a3d64fb764b309c1a71a10a Mon Sep 17 00:00:00 2001
From: Alejandro Romero Herrera
Date: Mon, 14 Sep 2020 01:16:51 +0300
Subject: [PATCH] Fix missing SSL hostname validation [MiM Vuln] fixes ConradIrwin/em-imap#25 Based on: https://github.com/lostisland/faraday/commit/63cf47c95b573539f047c729bd9ad67560bc83ff https://github.com/igrigorik/em-http-request/issues/339
---
 lib/em-imap.rb | 1 +
 lib/em-imap/connection.rb | 7 ++++++-
 lib/em-imap/deferrable_ssl.rb | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/lib/em-imap.rb b/lib/em-imap.rb
index f3f8193..88f0f06 100644
--- a/lib/em-imap.rb
+++ b/lib/em-imap.rb
@@ -14,6 +14,7 @@
 require 'em-imap/deferrable_ssl'
 require 'em-imap/connection'
+require 'em-imap/ssl_verifier'
 require 'em-imap/authenticators'
 require 'em-imap/client'
 $:.shift
diff --git a/lib/em-imap/connection.rb b/lib/em-imap/connection.rb
index d3f64ee..8b62ae7 100644
--- a/lib/em-imap/connection.rb
+++ b/lib/em-imap/connection.rb
@@ -20,9 +20,14 @@ module Connection
 # connection could not be established, or the
 # first response was BYE.
 #
+
+attr_accessor :host
+
 def self.connect(host, port, ssl=false)
+@host = host
 EventMachine.connect(host, port, self).tap do |conn|
-conn.start_tls if ssl
+conn.start_tls(:verify_peer => true) if ssl
+conn.host = @host
 end
 end
diff --git a/lib/em-imap/deferrable_ssl.rb b/lib/em-imap/deferrable_ssl.rb
index c6858d9..b6b21eb 100644
--- a/lib/em-imap/deferrable_ssl.rb
+++ b/lib/em-imap/deferrable_ssl.rb
@@ -9,7 +9,7 @@ module DeferrableSSL
 # finished
 #
 # TODO: expose certificates so they can be verified.
-def start_tls
+def start_tls(verify_peer)
 unless @ssl_deferrable
 @ssl_deferrable = DG::blank
 bothback{ @ssl_deferrable.fail }
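Review bot: `require 'em-imap/ssl_verifier'` loads a file this patch does not add: the diffstat lists only the three modified files and no `lib/em-imap/ssl_verifier.rb`, so unless that file already exists in the tree or is committed separately, `require 'em-imap'` fails with LoadError before any connection is made. The hostname check the subject promises presumably lives in that file, so the actual verification logic is not reviewable from this patch; either include it here or say in the commit message where it lands. The new require also comes after `em-imap/connection`, which is only safe if connection.rb references the verifier at call time rather than at load time.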
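Review bot: `@host = host` in `self.connect` stores the host in an instance variable of the class object itself, a single slot shared by every concurrent `connect` call, and `conn.host = @host` reads that shared slot only after `start_tls` has already been invoked; the local `host` is in scope inside the `tap` block, so drop `@host = host` and write `conn.host = host` as the first line of the block, ahead of the `start_tls` call, so the value is on the connection before the handshake begins. Note also that `:verify_peer => true` by itself only makes EventMachine hand each peer certificate to the connection's `ssl_verify_peer(cert)` callback; nothing in this patch shows that callback validating the chain or comparing the certificate identity against `host`, so whether the hostname is actually checked depends entirely on the `ssl_verifier` file absent from the diff. The call `conn.start_tls(:verify_peer => true)` passes an options hash to `DeferrableSSL#start_tls`, whose new signature in the third hunk takes a single positional `verify_peer`. The enclosing `Connection` module continues outside the hunk.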
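Review bot: `def start_tls(verify_peer)` makes the argument mandatory, so any existing caller that still invokes `start_tls` with no arguments now raises ArgumentError, and the only call site in this patch passes `:verify_peer => true`, meaning the parameter receives a Hash rather than a boolean; if the body tests `verify_peer` for truthiness, `{:verify_peer => false}` is truthy too and verification could not be switched off. A default keeps old callers working and names what is actually received: `def start_tls(options = {})`, forwarding `options` to the underlying EventMachine `start_tls`; alternatively `def start_tls(verify_peer: false)` accepts the existing call site as a keyword argument. The body of `start_tls`, including wherever `verify_peer` is forwarded, continues past the end of the hunk, so how the value is used cannot be checked here. The `TODO: expose certificates so they can be verified` comment directly above is now partly addressed by the `verify_peer` option and should say where the verification callback is implemented.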