diff libpurple/protocols/jabber/auth.c @ 27029:131e41a24d95

Require SSL when trying IQ-auth via parser.c (no stream:features). Fixes #8131.
author Paul Aurich <paul@darkrain42.org>
date Mon, 25 May 2009 00:32:55 +0000
parents bc7fac8e2f79
children e696a0740a85
line wrap: on
line diff
--- a/libpurple/protocols/jabber/auth.c	Sun May 24 06:30:02 2009 +0000
+++ b/libpurple/protocols/jabber/auth.c	Mon May 25 00:32:55 2009 +0000
@@ -689,6 +689,18 @@
 	JabberIq *iq;
 	xmlnode *query, *username;
 
+	/* We can end up here without encryption if the server doesn't support
+	 * <stream:features/> and we're not using old-style SSL.  If the user
+	 * is requiring SSL/TLS, we need to enforce it.
+	 */
+	if (!jabber_stream_is_ssl(js) &&
+			purple_account_get_bool(purple_connection_get_account(js->gc), "require_tls", FALSE)) {
+		purple_connection_error_reason (js->gc,
+			PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
+			_("You require encryption, but it is not available on this server."));
+		return;
+	}
+
 #ifdef HAVE_CYRUS_SASL
 	/* If we have Cyrus SASL, then passwords will have been set
 	 * to OPTIONAL for this protocol. So, we need to do our own