Require SSL/TLS support?

Michael McConville mmcco at mykolab.com
Sat Dec 19 14:03:32 EST 2015


It seems unnecessary and maybe even unsafe to support building Pidgin
without SSL/TLS support in 2015. Is there a reason why we should keep
this option?

Below is an initial diff. We'd need to sprinkle ssl_init() where
necessary before committing, but I wanted to ask before spending more
time on it.


diff -r 77536a48b4be configure.ac
--- a/configure.ac	Wed Dec 16 15:13:36 2015 -0500
+++ b/configure.ac	Sat Dec 19 14:00:09 2015 -0500
@@ -2102,10 +2102,7 @@
 	fi
 
 	if test "x$have_gnutls" = "xyes"; then
-
 		AC_DEFINE(HAVE_GNUTLS, 1, [Define if you have GnuTLS])
-		AC_DEFINE(HAVE_SSL, 1, [Define if you have SSL])
-
 		msg_gnutls="GnuTLS"
 	fi
 fi
@@ -2139,11 +2136,10 @@
 	fi
 
 	if test "x$have_nss" = "xyes"; then
-
 		AC_DEFINE(HAVE_NSS, 1, [Define if you have Mozilla NSS])
-		AC_DEFINE(HAVE_SSL, 1, [Define if you have SSL])
-
 		msg_nss="Mozilla NSS"
+	else
+		AC_MSG_ERROR([No SSL/TLS library available])
 	fi
 fi
 
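Review bot: The new `else` branch under `if test "x$have_nss" = "xyes"` aborts configure whenever NSS is missing, even if the GnuTLS check in the previous hunk succeeded, so a GnuTLS-only build would no longer configure. The error should fire only when neither library was found, for example once after both checks: `if test "x$have_gnutls" != "xyes" && test "x$have_nss" != "xyes"; then AC_MSG_ERROR([No SSL/TLS library available]); fi`. The trailing `fi` suggests this test sits inside an outer conditional that starts outside the hunk (presumably the NSS enable switch). If so, disabling NSS would skip the error entirely, which is another reason to do the check once, outside both blocks.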
diff -r 77536a48b4be libpurple/http.c
--- a/libpurple/http.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/http.c	Sat Dec 19 14:00:09 2015 -0500
@@ -1474,13 +1474,6 @@
 		return FALSE;
 	}
 
-	if (is_ssl && !purple_ssl_is_supported()) {
-		_purple_http_error(hc, _("Unable to connect to %s: %s"),
-			url->host, _("Server requires TLS/SSL, "
-			"but no TLS/SSL support was found."));
-		return FALSE;
-	}
-
 	if (hc->request->keepalive_pool != NULL) {
 		hc->socket_request = purple_http_keepalive_pool_request(
 			hc->request->keepalive_pool, hc->gc, url->host,
diff -r 77536a48b4be libpurple/plugins/perl/common/SSLConn.xs
--- a/libpurple/plugins/perl/common/SSLConn.xs	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/plugins/perl/common/SSLConn.xs	Sat Dec 19 14:00:09 2015 -0500
@@ -28,9 +28,6 @@
 Purple::Ssl::Ops
 purple_ssl_get_ops()
 
-gboolean
-purple_ssl_is_supported()
-
 size_t
 purple_ssl_read(gsc, buffer, len)
 	Purple::Ssl::Connection gsc
diff -r 77536a48b4be libpurple/protocols/facebook/facebook.c
--- a/libpurple/protocols/facebook/facebook.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/facebook/facebook.c	Sat Dec 19 14:00:09 2015 -0500
@@ -854,13 +854,6 @@
 
 	gc = purple_account_get_connection(acct);
 
-	if (!purple_ssl_is_supported()) {
-		purple_connection_error(gc,
-			PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
-			_("SSL support unavailable"));
-		return;
-	}
-
 	fata = fb_data_new(gc);
 	api = fb_data_get_api(fata);
 	convh = purple_conversations_get_handle();
diff -r 77536a48b4be libpurple/protocols/gg/tcpsocket.c
--- a/libpurple/protocols/gg/tcpsocket.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/gg/tcpsocket.c	Sat Dec 19 14:00:09 2015 -0500
@@ -113,8 +113,7 @@
 void
 ggp_tcpsocket_setup(PurpleConnection *gc, struct gg_login_params *glp)
 {
-	glp->socket_manager_type = purple_ssl_is_supported() ?
-		GG_SOCKET_MANAGER_TYPE_TLS : GG_SOCKET_MANAGER_TYPE_TCP;
+	glp->socket_manager_type = GG_SOCKET_MANAGER_TYPE_TLS;
 	glp->socket_manager.cb_data = gc;
 	glp->socket_manager.connect_cb = ggp_tcpsocket_connect;
 	glp->socket_manager.close_cb = ggp_tcpsocket_close;
diff -r 77536a48b4be libpurple/protocols/irc/irc.c
--- a/libpurple/protocols/irc/irc.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/irc/irc.c	Sat Dec 19 14:00:09 2015 -0500
@@ -370,16 +370,9 @@
 	purple_connection_update_progress(gc, _("Connecting"), 1, 2);
 
 	if (purple_account_get_bool(account, "ssl", FALSE)) {
-		if (purple_ssl_is_supported()) {
-			irc->gsc = purple_ssl_connect(account, irc->server,
-					purple_account_get_int(account, "port", IRC_DEFAULT_SSL_PORT),
-					irc_login_cb_ssl, irc_ssl_connect_failure, gc);
-		} else {
-			purple_connection_error (gc,
-				PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
-				_("SSL support unavailable"));
-			return;
-		}
+		irc->gsc = purple_ssl_connect(account, irc->server,
+				purple_account_get_int(account, "port", IRC_DEFAULT_SSL_PORT),
+				irc_login_cb_ssl, irc_ssl_connect_failure, gc);
 	}
 
 	if (!irc->gsc) {
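Review bot: With the `purple_ssl_is_supported()` branch removed, nothing in the `"ssl"` case reports unavailable TLS any more, so a NULL return from `purple_ssl_connect()` falls straight through to the `if (!irc->gsc)` test that ends this hunk. That block's body is outside the hunk; if it is the non-TLS connect path, an account configured for SSL would be connected in cleartext whenever TLS setup fails at runtime. Failing closed inside the `"ssl"` branch avoids that silent downgrade. The reason code and message below are the ones the removed lines used and can be adjusted.

```c
	if (purple_account_get_bool(account, "ssl", FALSE)) {
		/* … unchanged: irc->gsc = purple_ssl_connect(...) … */
		if (!irc->gsc) {
			/* TLS was requested: report the failure, never fall through */
			purple_connection_error(gc,
				PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
				_("SSL support unavailable"));
			return;
		}
	}
```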
diff -r 77536a48b4be libpurple/protocols/jabber/jabber.c
--- a/libpurple/protocols/jabber/jabber.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/jabber/jabber.c	Sat Dec 19 14:00:09 2015 -0500
@@ -237,21 +237,16 @@
 	 */
 	{
 		const gchar *connection_security = purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS);
-		if (!g_str_equal(connection_security, "none") &&
-				purple_ssl_is_supported()) {
+		if (!g_str_equal(connection_security, "none")) {
 			jabber_send_raw(js,
 					"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>", -1);
 			return TRUE;
 		}
 	}
 #else
-	if(purple_ssl_is_supported()) {
-		jabber_send_raw(js,
-				"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>", -1);
-		return TRUE;
-	} else {
-		purple_debug_warning("jabber", "No libpurple TLS/SSL support found.");
-	}
+	jabber_send_raw(js,
+			"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>", -1);
+	return TRUE;
 #endif
 
 	starttls = purple_xmlnode_get_child(packet, "starttls");
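Review bot: In the `#else` branch the function now returns `TRUE` unconditionally, so the `starttls = purple_xmlnode_get_child(packet, "starttls");` line after `#endif`, and whatever follows it outside the hunk, can no longer run in that configuration. If that remainder handles the case where TLS cannot be used (the removed warning suggests so), it should be deleted in the same change or kept only for the `#if` branch, where `connection_security` set to `"none"` still falls through to it. Leaving it as is will likely produce unreachable-code or unused-variable warnings. The `#if` condition is outside the hunk, so which branch is actually compiled cannot be confirmed from here.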
@@ -1051,19 +1046,13 @@
 
 	/* if they've got old-ssl mode going, we probably want to ignore SRV lookups */
 	if (g_str_equal("old_ssl", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
-		if(purple_ssl_is_supported()) {
-			js->gsc = purple_ssl_connect(account, js->certificate_CN,
-					purple_account_get_int(account, "port", 5223),
-					jabber_login_callback_ssl, jabber_ssl_connect_failure, gc);
-			if (!js->gsc) {
-				purple_connection_error(gc,
-					PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
-					_("Unable to establish SSL connection"));
-			}
-		} else {
+		js->gsc = purple_ssl_connect(account, js->certificate_CN,
+				purple_account_get_int(account, "port", 5223),
+				jabber_login_callback_ssl, jabber_ssl_connect_failure, gc);
+		if (!js->gsc) {
 			purple_connection_error(gc,
 				PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
-				_("SSL support unavailable"));
+				_("Unable to establish SSL connection"));
 		}
 
 		return;
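Review bot: The remaining failure path still reports `PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT`, although after this change a NULL from `purple_ssl_connect()` means the TLS connection could not be set up, not that support is missing from the build. `PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR` fits the message `"Unable to establish SSL connection"` better. A UI that keys its retry behaviour on the reason code would then treat this as a connection problem, not a missing feature, though that UI behaviour is not visible in this hunk. The enclosing function starts and ends outside the hunk.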
diff -r 77536a48b4be libpurple/protocols/msn/msn.c
--- a/libpurple/protocols/msn/msn.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/msn/msn.c	Sat Dec 19 14:00:09 2015 -0500
@@ -1341,15 +1341,6 @@
 
 	gc = purple_account_get_connection(account);
 
-	if (!purple_ssl_is_supported())
-	{
-		purple_connection_error(gc,
-			PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
-			_("SSL support is needed for MSN. Please install a supported "
-			  "SSL library."));
-		return;
-	}
-
 	http_method = purple_account_get_bool(account, "http_method", FALSE);
 
 	if (http_method)
diff -r 77536a48b4be libpurple/protocols/oscar/oscar.c
--- a/libpurple/protocols/oscar/oscar.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/oscar/oscar.c	Sat Dec 19 14:00:09 2015 -0500
@@ -741,14 +741,7 @@
 	od->default_port = purple_account_get_int(account, "port", OSCAR_DEFAULT_LOGIN_PORT);
 
 	encryption_type = purple_account_get_string(account, "encryption", OSCAR_DEFAULT_ENCRYPTION);
-	if (!purple_ssl_is_supported() && strcmp(encryption_type, OSCAR_REQUIRE_ENCRYPTION) == 0) {
-		purple_connection_error(
-			gc,
-			PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
-			_("You required encryption in your account settings, but encryption is not supported by your system."));
-		return;
-	}
-	od->use_ssl = purple_ssl_is_supported() && strcmp(encryption_type, OSCAR_NO_ENCRYPTION) != 0;
+	od->use_ssl = strcmp(encryption_type, OSCAR_NO_ENCRYPTION) != 0;
 
 	/* Connect to core Purple signals */
 	purple_prefs_connect_callback(purple_connection_get_protocol(gc), "/purple/away/idle_reporting", idle_reporting_pref_cb, gc);
diff -r 77536a48b4be libpurple/protocols/yahoo/ymsg.c
--- a/libpurple/protocols/yahoo/ymsg.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/protocols/yahoo/ymsg.c	Sat Dec 19 14:00:09 2015 -0500
@@ -1906,11 +1906,6 @@
 
 	purple_debug_info("yahoo", "Authentication: In yahoo_auth16_stage1\n");
 
-	if(!purple_ssl_is_supported()) {
-		purple_connection_error(gc, PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT, _("SSL support unavailable"));
-		return;
-	}
-
 	auth_data = g_new0(struct yahoo_auth_data, 1);
 	auth_data->gc = gc;
 	auth_data->seed = g_strdup(seed);
diff -r 77536a48b4be libpurple/purple-socket.c
--- a/libpurple/purple-socket.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/purple-socket.c	Sat Dec 19 14:00:09 2015 -0500
@@ -259,12 +259,6 @@
 	ps->cb_data = user_data;
 
 	if (ps->is_tls) {
-		if (!purple_ssl_is_supported()) {
-			purple_debug_error("socket", "TLS is not supported");
-			ps->state = PURPLE_SOCKET_STATE_ERROR;
-			return FALSE;
-		}
-
 		ps->tls_connection = purple_ssl_connect(account, ps->host,
 			ps->port, _purple_socket_connected_tls,
 			_purple_socket_connected_tls_error, ps);
diff -r 77536a48b4be libpurple/sslconn.c
--- a/libpurple/sslconn.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/sslconn.c	Sat Dec 19 14:00:09 2015 -0500
@@ -56,17 +56,6 @@
 	return (_ssl_initialized = ops->init());
 }
 
-gboolean
-purple_ssl_is_supported(void)
-{
-#ifdef HAVE_SSL
-	ssl_init();
-	return (purple_ssl_get_ops() != NULL);
-#else
-	return FALSE;
-#endif
-}
-
 static void
 purple_ssl_connect_cb(gpointer data, gint source, const gchar *error_message)
 {
@@ -110,7 +99,6 @@
 	g_return_val_if_fail(host != NULL,            NULL);
 	g_return_val_if_fail(port != 0 && port != -1, NULL);
 	g_return_val_if_fail(func != NULL,            NULL);
-	g_return_val_if_fail(purple_ssl_is_supported(), NULL);
 
 	if (!_ssl_initialized)
 	{
@@ -156,7 +144,6 @@
 				   void *data)
 {
 	g_return_if_fail(func != NULL);
-	g_return_if_fail(purple_ssl_is_supported());
 
 	purple_ssl_input_remove(gsc);
 
@@ -203,7 +190,6 @@
 
 	g_return_val_if_fail(fd != -1,                NULL);
 	g_return_val_if_fail(func != NULL,            NULL);
-	g_return_val_if_fail(purple_ssl_is_supported(), NULL);
 
 	if (!_ssl_initialized)
 	{
diff -r 77536a48b4be libpurple/sslconn.h
--- a/libpurple/sslconn.h	Wed Dec 16 15:13:36 2015 -0500
+++ b/libpurple/sslconn.h	Sat Dec 19 14:00:09 2015 -0500
@@ -152,15 +152,6 @@
 /**************************************************************************/
 
 /**
- * purple_ssl_is_supported:
- *
- * Returns whether or not SSL is currently supported.
- *
- * Returns: %TRUE if SSL is supported, or %FALSE otherwise.
- */
-gboolean purple_ssl_is_supported(void);
-
-/**
  * purple_ssl_strerror:
  * @error:      Error code
  *
diff -r 77536a48b4be pidgin/gtkdialogs.c
--- a/pidgin/gtkdialogs.c	Wed Dec 16 15:13:36 2015 -0500
+++ b/pidgin/gtkdialogs.c	Sat Dec 19 14:00:09 2015 -0500
@@ -624,11 +624,7 @@
 	g_string_append(str, "<dt>Plugins:</dt><dd>Disabled</dd>");
 #endif
 
-#ifdef HAVE_SSL
 	g_string_append(str, "<dt>SSL:</dt><dd>SSL support is present.</dd>");
-#else
-	g_string_append(str, "<dt>SSL:</dt><dd>SSL support was <strong><em>NOT</em></strong> compiled!</dd>");
-#endif
 
 	g_string_append_printf(str, "<dt>GTK+ Runtime:</dt><dd>%u.%u.%u</dd>"
 		"<dt>GLib Runtime:</dt><dd>%u.%u.%u</dd>",


