Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
authorPaul Aurich <darkrain42@pidgin.im>
Mon, 25 May 2009 00:32:55 +0000
changeset447ef31d038a pushlog
parent 81060432c077
child 44d5d9f819a1
Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
ChangeLog
libpurple/protocols/jabber/auth.c
      1.1 --- a/ChangeLog
      1.2 +++ b/ChangeLog
      1.3 @@ -46,6 +46,8 @@
      1.4  	* Support custom smileys in MUCs (only when all participants support the
      1.5  	  "Bits of Binary" extension, and a maximum of 10 participants are in the
      1.6  	  chat to avoid getting too many fetch requests).
      1.7 +	* Fix an issue with Jabber (pre-XMPP) servers and the user's preference
      1.8 +	  to require SSL not being respected.
      1.9  
     1.10  	Yahoo:
     1.11  	* P2P file transfers. (Sulabh Mahajan)
      2.1 --- a/libpurple/protocols/jabber/auth.c
      2.2 +++ b/libpurple/protocols/jabber/auth.c
      2.3 @@ -689,6 +689,18 @@
      2.4  	JabberIq *iq;
      2.5  	xmlnode *query, *username;
      2.6  
      2.7 +	/* We can end up here without encryption if the server doesn't support
      2.8 +	 * <stream:features/> and we're not using old-style SSL.  If the user
      2.9 +	 * is requiring SSL/TLS, we need to enforce it.
     2.10 +	 */
     2.11 +	if (!jabber_stream_is_ssl(js) &&
     2.12 +			purple_account_get_bool(purple_connection_get_account(js->gc), "require_tls", FALSE)) {
     2.13 +		purple_connection_error_reason (js->gc,
     2.14 +			PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
     2.15 +			_("You require encryption, but it is not available on this server."));
     2.16 +		return;
     2.17 +	}
     2.18 +
     2.19  #ifdef HAVE_CYRUS_SASL
     2.20  	/* If we have Cyrus SASL, then passwords will have been set
     2.21  	 * to OPTIONAL for this protocol. So, we need to do our own