Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
authorPaul Aurich <darkrain42@pidgin.im>
Mon, 25 May 2009 00:32:55 +0000
changeset447ef31d038a pushlog
parent 81060432c077
child 44d5d9f819a1
Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
ChangeLog
libpurple/protocols/jabber/auth.c
     1.1 --- a/ChangeLog
     1.2 +++ b/ChangeLog
     1.3 @@ -46,6 +46,8 @@
     1.4  	* Support custom smileys in MUCs (only when all participants support the
     1.5  	  "Bits of Binary" extension, and a maximum of 10 participants are in the
     1.6  	  chat to avoid getting too many fetch requests).
     1.7 +	* Fix an issue with Jabber (pre-XMPP) servers and the user's preference
     1.8 +	  to require SSL not being respected.
     1.9  
    1.10  	Yahoo:
    1.11  	* P2P file transfers. (Sulabh Mahajan)
     2.1 --- a/libpurple/protocols/jabber/auth.c
     2.2 +++ b/libpurple/protocols/jabber/auth.c
     2.3 @@ -689,6 +689,18 @@
     2.4  	JabberIq *iq;
     2.5  	xmlnode *query, *username;
     2.6  
     2.7 +	/* We can end up here without encryption if the server doesn't support
     2.8 +	 * <stream:features/> and we're not using old-style SSL.  If the user
     2.9 +	 * is requiring SSL/TLS, we need to enforce it.
    2.10 +	 */
    2.11 +	if (!jabber_stream_is_ssl(js) &&
    2.12 +			purple_account_get_bool(purple_connection_get_account(js->gc), "require_tls", FALSE)) {
    2.13 +		purple_connection_error_reason (js->gc,
    2.14 +			PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
    2.15 +			_("You require encryption, but it is not available on this server."));
    2.16 +		return;
    2.17 +	}
    2.18 +
    2.19  #ifdef HAVE_CYRUS_SASL
    2.20  	/* If we have Cyrus SASL, then passwords will have been set
    2.21  	 * to OPTIONAL for this protocol. So, we need to do our own