It's 2011, every XMPP server worth its salt supports starttls, and we have interactive certificate verification. I think it's time for Gabble to enable require-encryption by default. How does this change its behaviour? With require-encryption = False, it would <starttls/> if at all possible; if the certificate was untrusted, and the ServerTLSChannel is Close()d (because there's no handler), then Gabble would allow the connection to continue anyway, because the <starttls/> was opportunistic. With require-encryption = True and ignore-ssl-errors = False (the default), this will make the connection attempt fail. I propose making this change in the unstable branch, because it'll break people if we put it in the stable branch.
Here's a related Empathy branch. http://cgit.collabora.com/git/user/wjt/empathy.git/log/?h=account-parameters
You should update the manager file as well.
(In reply to comment #2)
> You should update the manager file as well.
It's generated as part of the build process. But I've pushed a patch which fixes the dependencies on write-mgr-file which had prevented it being regenerated in my tree.
The corresponding Empathy branch has been merged: Empathy 3.1.3 or so now explicitly sets require-encryption=True on new accounts. I think Gabble's default should still be changed: this will “fix” existing accounts, and is a sensible default.
I merged this: Guillaume seemed okay with the change in principle, and Vivek took a look over the branch and is also okay with it.