cpw.ivan: d849dc2a: This is kind of controversial, but appar...

Sat Oct 30 17:16:08 EDT 2010

----------------------------------------------------------------------
Revision: d849dc2a852a4ffdd345a150f0b88ab37de36e36
Parent:   b6d7712e90b68610df3bd2d8cbaf46d94c8b3794
Author:   ivan.komarov at soc.pidgin.im
Date:     10/30/10 13:08:00
Branch:   im.pidgin.cpw.ivan
URL: http://d.pidgin.im/viewmtn/revision/info/d849dc2a852a4ffdd345a150f0b88ab37de36e36

Changelog: 

This is kind of controversial, but apparently not having tlsCertName
in the startOSCARSession response is normal and indicates we
shouldn't use SSL for connecting to BOS even if we requested
SSL in account settings.

A snippet from the mail the ICQ guys sent me:

"""
3) Only do SSL to BOSS if the tlsCertName element is present.  (libPurple
current errors if it is missing)
"""

This change will prevent situations like the one described in #12817. 


Changes against parent b6d7712e90b68610df3bd2d8cbaf46d94c8b3794

  patched  libpurple/protocols/oscar/clientlogin.c
  patched  libpurple/protocols/oscar/oscar.c

-------------- next part --------------
============================================================

--- libpurple/protocols/oscar/oscar.c	1e471df2982afd8628093c5f0d321056de00a3d7
+++ libpurple/protocols/oscar/oscar.c	3f9e1f34a8f0f081fd9c06c942a69887fec8b76b
@@ -981,8 +981,8 @@ int oscar_connect_to_bos(PurpleConnectio
 	conn->cookie = g_memdup(cookie, cookielen);
 
 	/*
-	 * tls_certname is only set (and must be set if we get this far) if
-	 * SSL is enabled.
+	 * Use SSL only if the server provided us with a tls_certname. The server might not specify a tls_certname even if we requested to use TLS, 
+	 * and that is something we should be prepared to.
 	 */
 	if (tls_certname)
 	{
============================================================
--- libpurple/protocols/oscar/clientlogin.c	25bf71722aa11fb10901602921e94d27f2c0096d
+++ libpurple/protocols/oscar/clientlogin.c	6e0dab1b983a036019a31a3e89eeaf3f0284df21
@@ -245,9 +245,7 @@ static gboolean parse_start_oscar_sessio
 	g_free(tmp);
 
 	/* Make sure we have everything else */
-	if (data_node == NULL || host_node == NULL ||
-		port_node == NULL || cookie_node == NULL ||
-		(use_tls && tls_node == NULL))
+	if (data_node == NULL || host_node == NULL || port_node == NULL || cookie_node == NULL)
 	{
 		char *msg;
 		purple_debug_error("oscar", "startOSCARSession response was missing "
@@ -266,11 +264,15 @@ static gboolean parse_start_oscar_sessio
 	tmp = xmlnode_get_data_unescaped(port_node);
 	*cookie = xmlnode_get_data_unescaped(cookie_node);
 
-	if (use_tls)
-		*tls_certname = xmlnode_get_data_unescaped(tls_node);
+	if (use_tls) {
+		if (tls_node != NULL) {
+			*tls_certname = xmlnode_get_data_unescaped(tls_node);
+		} else {
+			purple_debug_warning("oscar", "useTls was 1, but we haven't received a tlsCertName to use. We will not do SSL to BOS.\n");
+		}
+	}
 
-	if (*host == NULL || **host == '\0' || tmp == NULL || *tmp == '\0' || *cookie == NULL || **cookie == '\0' ||
-			(use_tls && (*tls_certname == NULL || **tls_certname == '\0')))
+	if (*host == NULL || **host == '\0' || tmp == NULL || *tmp == '\0' || *cookie == NULL || **cookie == '\0')
 	{
 		char *msg;
 		purple_debug_error("oscar", "startOSCARSession response was missing "
