From 3700e8f96810540c574cc6733404c91fa116f650 Mon Sep 17 00:00:00 2001
From: Simon McVittie
Date: Mon, 27 May 2013 13:16:22 +0100
Subject: [PATCH] security: respect tls-required flag on legacy Jabber servers

It's checked elsewhere for XMPP 1.0 servers, which can either use "old SSL" or perform STARTTLS. Legacy Jabber can only use "old SSL", which is similar to https - connect to a separate port, typically 5223, and start speaking SSL - so if the connection was ever going to be encrypted, by this point it already would be.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036
---
 wocky/wocky-connector.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wocky/wocky-connector.c b/wocky/wocky-connector.c
index 133b9fd..3287285 100644
--- a/wocky/wocky-connector.c
+++ b/wocky/wocky-connector.c
@@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source,
 if (!priv->legacy_support)
 abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER,
 "Server not XMPP 1.0 Compliant");
+ else if (priv->tls_required && !priv->encrypted)
+ abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,
+ "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")");
 else
 jabber_request_auth (self);
 }
--
1.7.10.4
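Review bot: The added `abort_connect_code (data, ...)` call passes the raw `data` pointer, while the two neighbouring calls in the same if/else chain pass `self`; it presumably works because `data` is an untyped pointer to the same connector, but it should read `abort_connect_code (self, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,` for consistency and type checking. Since this branch is what keeps a tls-required client from falling back to legacy authentication on an unencrypted stream when the server's header does not advertise XMPP 1.0, a short comment above the `else if` would help, e.g. `/* legacy Jabber has no STARTTLS: if we are not on old SSL by now, the stream will never be encrypted */`. The diffstat shows only wocky-connector.c changed, so a regression test for tls-required against a non-1.0 server without old SSL appears to be missing from this commit. The enclosing function and the version check that selects this branch lie outside the hunk.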