CVE-2013-1431: respect tls-required flag on legacy Jabber servers

It's checked elsewhere for XMPP 1.0 servers, which can either use "old SSL" or perform STARTTLS. Legacy Jabber can only use "old SSL", which is similar to https - connect to a separate port, typically 5223, and start speaking SSL - so if the connection was ever going to be encrypted, by this point it already would be. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036 Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
author: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-05-27 13:16:22 +0100
committer: Simon McVittie <simon.mcvittie@collabora.co.uk> 2013-05-29 17:18:31 +0100
commit: ff317a2783058e8e90fac21bd8ba18359c5401f9 (patch)
tree: 94d3f17c2f3b80b4ec8cc5509b4dc3ded22b9936
parent: 565f2ed54f53adc7bd6793a0e746ceb349843408 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/wocky/wocky-connector.c b/wocky/wocky-connector.c
index 133b9fd..3287285 100644
--- a/wocky/wocky-connector.c
+++ b/wocky/wocky-connector.c
@@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source,
       if (!priv->legacy_support)
         abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER,
             "Server not XMPP 1.0 Compliant");
+      else if (priv->tls_required && !priv->encrypted)
+        abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,
+            "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")");
       else
         jabber_request_auth (self);
     }
author	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-05-27 13:16:22 +0100
committer	Simon McVittie <simon.mcvittie@collabora.co.uk>	2013-05-29 17:18:31 +0100
commit	ff317a2783058e8e90fac21bd8ba18359c5401f9 (patch)
tree	94d3f17c2f3b80b4ec8cc5509b4dc3ded22b9936
parent	565f2ed54f53adc7bd6793a0e746ceb349843408 (diff)