# HG changeset patch # User Paul Aurich # Date 1283221685 0 # Node ID 8084631e2e848bb5d4d1fb1f398dad758094fd5e # Parent 014dbe36b722e1bd3f69eb596f5377dc1d0e33ec jabber: Unify "Require TLS" and "Use old-style (port 5223) SSL" settings diff -r 014dbe36b722 -r 8084631e2e84 ChangeLog --- a/ChangeLog Fri Aug 27 06:28:09 2010 +0000 +++ b/ChangeLog Tue Aug 31 02:28:05 2010 +0000 @@ -17,6 +17,7 @@ and HMAC options or the QQ protocol version). XMPP: + * Unify the connection security-related settings into one dropdown. * Fix a crash when multiple accounts are simultaneously performing SASL authentication when built with Cyrus SASL support. (thanks to Jan Kaluza) (#11560) diff -r 014dbe36b722 -r 8084631e2e84 libpurple/account.c --- a/libpurple/account.c Fri Aug 27 06:28:09 2010 +0000 +++ b/libpurple/account.c Tue Aug 31 02:28:05 2010 +0000 @@ -513,6 +513,25 @@ } static void +migrate_xmpp_encryption(PurpleAccount *account) +{ + /* When this is removed, nuke the "old_ssl" and "require_tls" settings */ + if (g_str_equal(purple_account_get_protocol_id(account), "prpl-jabber")) { + const char *sec = purple_account_get_string(account, "connection_security", ""); + + if (g_str_equal("", sec)) { + const char *val = "require_tls"; + if (purple_account_get_bool(account, "old_ssl", FALSE)) + val = "old_ssl"; + else if (!purple_account_get_bool(account, "require_tls", TRUE)) + val = "opportunistic_tls"; + + purple_account_set_string(account, "connection_security", val); + } + } +} + +static void parse_settings(xmlnode *node, PurpleAccount *account) { const char *ui; @@ -579,6 +598,9 @@ /* we do this here because we need access to account settings to determine * if we can/should migrate an old Yahoo! JAPAN account */ migrate_yahoo_japan(account); + /* we do this here because we need to do it before the user views the + * Edit Account dialog. */ + migrate_xmpp_encryption(account); } static GList * diff -r 014dbe36b722 -r 8084631e2e84 libpurple/protocols/jabber/auth.c --- a/libpurple/protocols/jabber/auth.c Fri Aug 27 06:28:09 2010 +0000 +++ b/libpurple/protocols/jabber/auth.c Tue Aug 31 02:28:05 2010 +0000 @@ -340,7 +340,8 @@ * is requiring SSL/TLS, we need to enforce it. */ if (!jabber_stream_is_ssl(js) && - purple_account_get_bool(account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS)) { + g_str_equal("require_tls", + purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) { purple_connection_error_reason(js->gc, PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR, _("You require encryption, but it is not available on this server.")); diff -r 014dbe36b722 -r 8084631e2e84 libpurple/protocols/jabber/jabber.c --- a/libpurple/protocols/jabber/jabber.c Fri Aug 27 06:28:09 2010 +0000 +++ b/libpurple/protocols/jabber/jabber.c Tue Aug 31 02:28:05 2010 +0000 @@ -232,7 +232,7 @@ return TRUE; } - if(purple_account_get_bool(account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS)) { + if (g_str_equal("require_tls", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) { purple_connection_error_reason(js->gc, PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT, _("You require encryption, but no TLS/SSL support was found.")); @@ -244,12 +244,16 @@ void jabber_stream_features_parse(JabberStream *js, xmlnode *packet) { - if(xmlnode_get_child(packet, "starttls")) { - if(jabber_process_starttls(js, packet)) { + PurpleAccount *account = purple_connection_get_account(js->gc); + const char *connection_security = + purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS); + + if (xmlnode_get_child(packet, "starttls")) { + if (jabber_process_starttls(js, packet)) { jabber_stream_set_state(js, JABBER_STREAM_INITIALIZING_ENCRYPTION); return; } - } else if(purple_account_get_bool(js->gc->account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS) && !jabber_stream_is_ssl(js)) { + } else if (g_str_equal(connection_security, "require_tls") && !jabber_stream_is_ssl(js)) { purple_connection_error_reason(js->gc, PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR, _("You require encryption, but it is not available on this server.")); @@ -1014,7 +1018,7 @@ js->certificate_CN = g_strdup(connect_server[0] ? connect_server : js->user->domain); /* if they've got old-ssl mode going, we probably want to ignore SRV lookups */ - if(purple_account_get_bool(account, "old_ssl", FALSE)) { + if (g_str_equal("old_ssl", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) { if(purple_ssl_is_supported()) { js->gsc = purple_ssl_connect(account, js->certificate_CN, purple_account_get_int(account, "port", 5223), diff -r 014dbe36b722 -r 8084631e2e84 libpurple/protocols/jabber/jabber.h --- a/libpurple/protocols/jabber/jabber.h Fri Aug 27 06:28:09 2010 +0000 +++ b/libpurple/protocols/jabber/jabber.h Tue Aug 31 02:28:05 2010 +0000 @@ -80,7 +80,7 @@ #define CAPS0115_NODE "http://pidgin.im/" -#define JABBER_DEFAULT_REQUIRE_TLS TRUE +#define JABBER_DEFAULT_REQUIRE_TLS "require_starttls" #define JABBER_DEFAULT_FT_PROXIES "proxy.eu.jabber.org" /* Index into attention_types list */ diff -r 014dbe36b722 -r 8084631e2e84 libpurple/protocols/jabber/libxmpp.c --- a/libpurple/protocols/jabber/libxmpp.c Fri Aug 27 06:28:09 2010 +0000 +++ b/libpurple/protocols/jabber/libxmpp.c Tue Aug 31 02:28:05 2010 +0000 @@ -253,6 +253,7 @@ { PurpleAccountUserSplit *split; PurpleAccountOption *option; + GList *encryption_values = NULL; /* Translators: 'domain' is used here in the context of Internet domains, e.g. pidgin.im */ split = purple_account_user_split_new(_("Domain"), NULL, '@'); @@ -263,13 +264,26 @@ purple_account_user_split_set_reverse(split, FALSE); prpl_info.user_splits = g_list_append(prpl_info.user_splits, split); - option = purple_account_option_bool_new(_("Require SSL/TLS"), "require_tls", JABBER_DEFAULT_REQUIRE_TLS); - prpl_info.protocol_options = g_list_append(prpl_info.protocol_options, - option); +#define ADD_VALUE(list, desc, v) { \ + PurpleKeyValuePair *kvp = g_new0(PurpleKeyValuePair, 1); \ + kvp->key = g_strdup((desc)); \ + kvp->value = g_strdup((v)); \ + list = g_list_prepend(list, kvp); \ +} - option = purple_account_option_bool_new(_("Force old (port 5223) SSL"), "old_ssl", FALSE); + ADD_VALUE(encryption_values, _("Require encryption"), "require_tls"); + ADD_VALUE(encryption_values, _("Use encryption if available"), "opportunistic_tls"); + ADD_VALUE(encryption_values, _("Use old-style SSL"), "old_ssl"); +#if 0 + ADD_VALUE(encryption_values, "None", "none"); +#endif + encryption_values = g_list_reverse(encryption_values); + +#undef ADD_VALUE + + option = purple_account_option_list_new(_("Connection security"), "connection_security", encryption_values); prpl_info.protocol_options = g_list_append(prpl_info.protocol_options, - option); + option); option = purple_account_option_bool_new( _("Allow plaintext auth over unencrypted streams"),