From: Simon McVittie Date: Mon, 27 May 2013 13:16:22 +0100 Subject: [PATCH] security: respect tls-required flag on legacy Jabber servers It's checked elsewhere for XMPP 1.0 servers, which can either use "old SSL" or perform STARTTLS. Legacy Jabber can only use "old SSL", which is similar to https - connect to a separate port, typically 5223, and start speaking SSL - so if the connection was ever going to be encrypted, by this point it already would be. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036 Reviewed-by: Sjoerd Simons Origin: upstream, 0.16.6 --- wocky/wocky-connector.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/ext/wocky/wocky/wocky-connector.c b/lib/ext/wocky/wocky/wocky-connector.c index 133b9fd..3287285 100644 --- a/lib/ext/wocky/wocky/wocky-connector.c +++ b/lib/ext/wocky/wocky/wocky-connector.c @@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source, if (!priv->legacy_support) abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER, "Server not XMPP 1.0 Compliant"); + else if (priv->tls_required && !priv->encrypted) + abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE, + "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")"); else jabber_request_auth (self); }
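Review bot: In the added `else if (priv->tls_required && !priv->encrypted)` branch, `abort_connect_code` is called with `data` as its first argument, while the `abort_connect_code (self, ...)` call in the branch just above and the `jabber_request_auth (self)` call below both use `self`. Pass `self` here as well so the three branches are consistent and the new error path does not depend on `data` referring to the same object. A short comment above the check would also help: the commit message explains that legacy Jabber can only use "old SSL", so a connection that is unencrypted at this point can never become encrypted, and that reasoning is worth keeping next to the code rather than only in the commit log.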