Bug 38719

Summary: Enable require-encryption by default
Product: Telepathy Reporter: Will Thompson <will>
Component: gabbleAssignee: Telepathy bugs list <telepathy-bugs>
Status: RESOLVED FIXED QA Contact: Telepathy bugs list <telepathy-bugs>
Severity: normal    
Priority: medium Keywords: patch
Version: git master   
Hardware: Other   
OS: All   
URL: http://cgit.collabora.com/git/user/wjt/telepathy-gabble-wjt.git/log/?h=encryption
Whiteboard:
i915 platform: i915 features:

Description Will Thompson 2011-06-27 09:34:24 UTC 
It's 2011, every XMPP server worth its salt supports starttls, and we have interactive certificate verification. I think it's time for Gabble to enable require-encryption by default.

How does this change its behaviour? With require-encryption = False, it would <starttls/> if at all possible; if the certificate was untrusted, and the ServerTLSChannel is Close()d (because there's no handler), then Gabble would allow the connection to continue anyway, because the <starttls/> was opportunistic. With require-encryption = True and ignore-ssl-errors = False (the default), this will make the connection attempt fail.

I propose making this change in the unstable branch, because it'll break people if we put it in the stable branch.
Comment 1 Will Thompson 2011-06-27 09:34:39 UTC 
Here's a related Empathy branch. http://cgit.collabora.com/git/user/wjt/empathy.git/log/?h=account-parameters
Comment 2 Guillaume Desmottes 2011-06-28 00:59:35 UTC 
You should update the manager file as well.
Comment 3 Will Thompson 2011-06-28 05:50:32 UTC 
(In reply to comment #2)
> You should update the manager file as well.

It's generated as part of the build process. But I've pushed a patch which fixes the dependencies on write-mgr-file which had prevented it being regenerated in my tree.
Comment 4 Will Thompson 2011-07-13 08:54:37 UTC 
The corresponding Empathy branch has been merged: Empathy 3.1.3 or so now explicitly sets require-encryption=True on new accounts.

I think Gabble's default should still be changed: this will “fix” existing accounts, and is a sensible default.
Comment 5 Will Thompson 2011-07-13 09:29:36 UTC 
I merged this: Guillaume seemed okay with the change in principle, and Vivek took a look over the branch and is also okay with it.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.