[Pidgin] #17270: BOSH doesn't work, it should ignore STARTTLS
Pidgin
trac at pidgin.im
Fri Nov 24 15:34:00 EST 2017
#17270: BOSH doesn't work, it should ignore STARTTLS
------------------------+---------------------
Reporter: niconiconi | Owner: deryni
Type: defect | Status: new
Milestone: | Component: XMPP
Version: 2.12.0 | Resolution:
Keywords: BOSH |
------------------------+---------------------
Comment (by niconiconi):
This bug can be fixed by patching the {{{jabber_process_starttls()}}}
function. I've developed a patch to prevent sending STARTTLS when using
an HTTPS BOSH connection; meanwhile, it also triggers errors if security is
required by the user or server.
It solves the problem totally. I can now connect to the server and log in
without any problem. Non-BOSH connections are also working flawlessly.
I also rearranged the code a little bit and added some comments to make it
easier to read and understand. Please review the patch, and merge it into
the next stable release if everything is okay. Thanks.
{{{
diff -uprN pidgin-2.12.0.old/libpurple/protocols/jabber/jabber.c
pidgin-2.12.0/libpurple/protocols/jabber/jabber.c
--- pidgin-2.12.0.old/libpurple/protocols/jabber/jabber.c 2017-11-25
03:54:40.639920993 +0800
+++ pidgin-2.12.0/libpurple/protocols/jabber/jabber.c 2017-11-25
04:25:44.470494581 +0800
@@ -236,15 +236,32 @@ jabber_process_starttls(JabberStream *js
}
}
#else
- if(purple_ssl_is_supported()) {
+ if (!purple_ssl_is_supported()) {
+ purple_debug_warning("jabber", "No libpurple TLS/SSL
support found.");
+ }
+
+ /* It's a secure BOSH connection, just return FALSE and skip,
without doing anything extra.
+ * XEP-0206 (XMPP Over BOSH): The client SHOULD ignore any
Transport Layer Security (TLS)
+ * feature since BOSH channel encryption SHOULD be negotiated at
the HTTP layer.
+ *
+ * Note: we are already receiving STARTTLS at this point from a
SSL/TLS BOSH connection,
+ * so it is not necessary to check if purple_ssl_is_supported().
+ */
+ if (js->bosh && jabber_bosh_connection_is_ssl(js->bosh)) {
+ return FALSE;
+ }
+
+ /* Otherwise, it's a standard XMPP connection, or a HTTP
(insecure) BOSH connection.
+ * We request STARTTLS for standard XMPP connections, but we do
nothing for insecure
+ * BOSH connections, per XEP-0206. */
+ if(purple_ssl_is_supported() && !js->bosh) {
jabber_send_raw(js,
"<starttls xmlns='urn:ietf:params:xml:ns
:xmpp-tls'/>", -1);
return TRUE;
- } else {
- purple_debug_warning("jabber", "No libpurple TLS/SSL
support found.");
}
#endif
-
+ /* It's an insecure standard XMPP connection, or an insecure BOSH
connection, let's
+ * emit errors if security is required by the server or user. */
starttls = xmlnode_get_child(packet, "starttls");
if(xmlnode_get_child(starttls, "required")) {
purple_connection_error_reason(js->gc,
}}}
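Review bot: In the fall-through after {{{#endif}}}, a plain-HTTP BOSH connection now reaches the {{{<required/>}}} check even when {{{purple_ssl_is_supported()}}} is true, a path that previously ran only when libpurple had no TLS support. Please confirm that the reason and message passed to {{{purple_connection_error_reason()}}} there still describe this case (the cause is an unencrypted BOSH URL, not missing TLS support), or give {{{js->bosh}}} its own branch and message. Smaller points: the "No libpurple TLS/SSL support found." warning is now logged before the BOSH check and {{{purple_ssl_is_supported()}}} is evaluated twice, so testing it once into a local would read more cleanly; and the added lines mix {{{if (}}} with the file's existing {{{if(}}} spacing.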
--
Ticket URL: <https://developer.pidgin.im/ticket/17270#comment:1>
Pidgin <https://pidgin.im>