changeset 30462:8084631e2e84

jabber: Unify "Require TLS" and "Use old-style (port 5223) SSL" settings
author Paul Aurich <paul@darkrain42.org>
date Tue, 31 Aug 2010 02:28:05 +0000
parents 014dbe36b722
children 4072761e3454
files ChangeLog libpurple/account.c libpurple/protocols/jabber/auth.c libpurple/protocols/jabber/jabber.c libpurple/protocols/jabber/jabber.h libpurple/protocols/jabber/libxmpp.c
diffstat 6 files changed, 54 insertions(+), 12 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Fri Aug 27 06:28:09 2010 +0000
+++ b/ChangeLog	Tue Aug 31 02:28:05 2010 +0000
@@ -17,6 +17,7 @@
 	  and HMAC options or the QQ protocol version).
 
 	XMPP:
+	* Unify the connection security-related settings into one dropdown.
 	* Fix a crash when multiple accounts are simultaneously performing
 	  SASL authentication when built with Cyrus SASL support.  (thanks
 	  to Jan Kaluza) (#11560)
--- a/libpurple/account.c	Fri Aug 27 06:28:09 2010 +0000
+++ b/libpurple/account.c	Tue Aug 31 02:28:05 2010 +0000
@@ -513,6 +513,25 @@
 }
 
 static void
+migrate_xmpp_encryption(PurpleAccount *account)
+{
+	/* When this is removed, nuke the "old_ssl" and "require_tls" settings */
+	if (g_str_equal(purple_account_get_protocol_id(account), "prpl-jabber")) {
+		const char *sec = purple_account_get_string(account, "connection_security", "");
+
+		if (g_str_equal("", sec)) {
+			const char *val = "require_tls";
+			if (purple_account_get_bool(account, "old_ssl", FALSE))
+				val = "old_ssl";
+			else if (!purple_account_get_bool(account, "require_tls", TRUE))
+				val = "opportunistic_tls";
+
+			purple_account_set_string(account, "connection_security", val);
+		}
+	}
+}
+
+static void
 parse_settings(xmlnode *node, PurpleAccount *account)
 {
 	const char *ui;
@@ -579,6 +598,9 @@
 	/* we do this here because we need access to account settings to determine
 	 * if we can/should migrate an old Yahoo! JAPAN account */
 	migrate_yahoo_japan(account);
+	/* we do this here because we need to do it before the user views the
+	 * Edit Account dialog. */
+	migrate_xmpp_encryption(account);
 }
 
 static GList *
--- a/libpurple/protocols/jabber/auth.c	Fri Aug 27 06:28:09 2010 +0000
+++ b/libpurple/protocols/jabber/auth.c	Tue Aug 31 02:28:05 2010 +0000
@@ -340,7 +340,8 @@
 	 * is requiring SSL/TLS, we need to enforce it.
 	 */
 	if (!jabber_stream_is_ssl(js) &&
-			purple_account_get_bool(account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS)) {
+			g_str_equal("require_tls",
+				purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
 		purple_connection_error_reason(js->gc,
 			PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
 			_("You require encryption, but it is not available on this server."));
--- a/libpurple/protocols/jabber/jabber.c	Fri Aug 27 06:28:09 2010 +0000
+++ b/libpurple/protocols/jabber/jabber.c	Tue Aug 31 02:28:05 2010 +0000
@@ -232,7 +232,7 @@
 		return TRUE;
 	}
 
-	if(purple_account_get_bool(account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS)) {
+	if (g_str_equal("require_tls", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
 		purple_connection_error_reason(js->gc,
 				PURPLE_CONNECTION_ERROR_NO_SSL_SUPPORT,
 				_("You require encryption, but no TLS/SSL support was found."));
@@ -244,12 +244,16 @@
 
 void jabber_stream_features_parse(JabberStream *js, xmlnode *packet)
 {
-	if(xmlnode_get_child(packet, "starttls")) {
-		if(jabber_process_starttls(js, packet)) {
+	PurpleAccount *account = purple_connection_get_account(js->gc);
+	const char *connection_security =
+		purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS);
+
+	if (xmlnode_get_child(packet, "starttls")) {
+		if (jabber_process_starttls(js, packet)) {
 			jabber_stream_set_state(js, JABBER_STREAM_INITIALIZING_ENCRYPTION);
 			return;
 		}
-	} else if(purple_account_get_bool(js->gc->account, "require_tls", JABBER_DEFAULT_REQUIRE_TLS) && !jabber_stream_is_ssl(js)) {
+	} else if (g_str_equal(connection_security, "require_tls") && !jabber_stream_is_ssl(js)) {
 		purple_connection_error_reason(js->gc,
 			 PURPLE_CONNECTION_ERROR_ENCRYPTION_ERROR,
 			_("You require encryption, but it is not available on this server."));
@@ -1014,7 +1018,7 @@
 	js->certificate_CN = g_strdup(connect_server[0] ? connect_server : js->user->domain);
 
 	/* if they've got old-ssl mode going, we probably want to ignore SRV lookups */
-	if(purple_account_get_bool(account, "old_ssl", FALSE)) {
+	if (g_str_equal("old_ssl", purple_account_get_string(account, "connection_security", JABBER_DEFAULT_REQUIRE_TLS))) {
 		if(purple_ssl_is_supported()) {
 			js->gsc = purple_ssl_connect(account, js->certificate_CN,
 					purple_account_get_int(account, "port", 5223),
--- a/libpurple/protocols/jabber/jabber.h	Fri Aug 27 06:28:09 2010 +0000
+++ b/libpurple/protocols/jabber/jabber.h	Tue Aug 31 02:28:05 2010 +0000
@@ -80,7 +80,7 @@
 
 #define CAPS0115_NODE "http://pidgin.im/"
 
-#define JABBER_DEFAULT_REQUIRE_TLS    TRUE
+#define JABBER_DEFAULT_REQUIRE_TLS    "require_starttls"
 #define JABBER_DEFAULT_FT_PROXIES     "proxy.eu.jabber.org"
 
 /* Index into attention_types list */
--- a/libpurple/protocols/jabber/libxmpp.c	Fri Aug 27 06:28:09 2010 +0000
+++ b/libpurple/protocols/jabber/libxmpp.c	Tue Aug 31 02:28:05 2010 +0000
@@ -253,6 +253,7 @@
 {
 	PurpleAccountUserSplit *split;
 	PurpleAccountOption *option;
+	GList *encryption_values = NULL;
 
 	/* Translators: 'domain' is used here in the context of Internet domains, e.g. pidgin.im */
 	split = purple_account_user_split_new(_("Domain"), NULL, '@');
@@ -263,13 +264,26 @@
 	purple_account_user_split_set_reverse(split, FALSE);
 	prpl_info.user_splits = g_list_append(prpl_info.user_splits, split);
 
-	option = purple_account_option_bool_new(_("Require SSL/TLS"), "require_tls", JABBER_DEFAULT_REQUIRE_TLS);
-	prpl_info.protocol_options = g_list_append(prpl_info.protocol_options,
-											   option);
+#define ADD_VALUE(list, desc, v) { \
+	PurpleKeyValuePair *kvp = g_new0(PurpleKeyValuePair, 1); \
+	kvp->key = g_strdup((desc)); \
+	kvp->value = g_strdup((v)); \
+	list = g_list_prepend(list, kvp); \
+}
 
-	option = purple_account_option_bool_new(_("Force old (port 5223) SSL"), "old_ssl", FALSE);
+	ADD_VALUE(encryption_values, _("Require encryption"), "require_tls");
+	ADD_VALUE(encryption_values, _("Use encryption if available"), "opportunistic_tls");
+	ADD_VALUE(encryption_values, _("Use old-style SSL"), "old_ssl");
+#if 0
+	ADD_VALUE(encryption_values, "None", "none");
+#endif
+	encryption_values = g_list_reverse(encryption_values);
+
+#undef ADD_VALUE
+
+	option = purple_account_option_list_new(_("Connection security"), "connection_security", encryption_values);
 	prpl_info.protocol_options = g_list_append(prpl_info.protocol_options,
-											   option);
+						   option);
 
 	option = purple_account_option_bool_new(
 						_("Allow plaintext auth over unencrypted streams"),