pidgin: 55897c4c: Require SSL when trying IQ-auth via pars...

darkrain42 at pidgin.im darkrain42 at pidgin.im
Sun May 24 20:35:34 EDT 2009 

-----------------------------------------------------------------
Revision: 55897c4ce0787edc1e7721b7f4a9b5cbc8357279
Ancestor: 312e056d702d29379ea61aea9d27765f127bc888
Author: darkrain42 at pidgin.im
Date: 2009-05-25T00:32:55
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/55897c4ce0787edc1e7721b7f4a9b5cbc8357279

Modified files:
        ChangeLog libpurple/protocols/jabber/auth.c

ChangeLog: 

Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.

-------------- next part --------------
============================================================
--- ChangeLog	5ac03d1f17bf67264fcad4f09f5d8e0d8c9c541e
+++ ChangeLog	87354c4f4c687cbdcb60e75f063b19f8d03c703e
@@ -46,6 +46,8 @@ version 2.6.0 (??/??/2009):
 	* Support custom smileys in MUCs (only when all participants support the
 	  "Bits of Binary" extension, and a maximum of 10 participants are in the
 	  chat to avoid getting too many fetch requests).
+	* Fix an issue with Jabber (pre-XMPP) servers and the user's preference
+	  to require SSL not being respected.
 
 	Yahoo:
 	* P2P file transfers. (Sulabh Mahajan)
============================================================
--- libpurple/protocols/jabber/auth.c	c6da33813f947a747b08aec752db34db121516fd
+++ libpurple/protocols/jabber/auth.c	4846e5134fd09bde6ad21cd0b75b64693e90e5ea
@@ -689,6 +689,18 @@ void jabber_auth_start_old(JabberStream 
 	JabberIq *iq;
 	xmlnode *query, *username;
 
+	/* We can end up here without encryption if the server doesn't support
+	 * <stream:features/> and we're not using old-style SSL.  If the user
+	 * is requiring SSL/TLS, we need to enforce it.
+	 */
+	if (!jabber_stream_is_ssl(js) &&
+			purple_account_get_bool(purple_connection_get_account(js->gc), "require_tls", FALSE)) {
+		purple_connection_error_reason (js->gc,
+			PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
+			_("You require encryption, but it is not available on this server."));
+		return;
+	}
+
 #ifdef HAVE_CYRUS_SASL
 	/* If we have Cyrus SASL, then passwords will have been set
 	 * to OPTIONAL for this protocol. So, we need to do our own

More information about the Commits mailing list