changeset
Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
Mon, 25 May 2009 00:32:55 +0000
- author
- Paul Aurich <darkrain42@pidgin.im>
- date
- Mon, 25 May 2009 00:32:55 +0000
- changeset 27170
- 447ef31d038a
- parent 27168
- 81060432c077
- child 27171
- 44d5d9f819a1
Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
| ChangeLog | file | annotate | diff | comparison | revisions | |
| libpurple/protocols/jabber/auth.c | file | annotate | diff | comparison | revisions |
--- a/ChangeLog Sun May 24 06:30:02 2009 +0000 +++ b/ChangeLog Mon May 25 00:32:55 2009 +0000 @@ -46,6 +46,8 @@ * Support custom smileys in MUCs (only when all participants support the "Bits of Binary" extension, and a maximum of 10 participants are in the chat to avoid getting too many fetch requests). + * Fix an issue with Jabber (pre-XMPP) servers and the user's preference + to require SSL not being respected. Yahoo: * P2P file transfers. (Sulabh Mahajan)
--- a/libpurple/protocols/jabber/auth.c Sun May 24 06:30:02 2009 +0000 +++ b/libpurple/protocols/jabber/auth.c Mon May 25 00:32:55 2009 +0000 @@ -689,6 +689,18 @@ JabberIq *iq; xmlnode *query, *username; + /* We can end up here without encryption if the server doesn't support + * <stream:features/> and we're not using old-style SSL. If the user + * is requiring SSL/TLS, we need to enforce it. + */ + if (!jabber_stream_is_ssl(js) && + purple_account_get_bool(purple_connection_get_account(js->gc), "require_tls", FALSE)) { + purple_connection_error_reason (js->gc, + PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR, + _("You require encryption, but it is not available on this server.")); + return; + } + #ifdef HAVE_CYRUS_SASL /* If we have Cyrus SASL, then passwords will have been set * to OPTIONAL for this protocol. So, we need to do our own
