author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-05-27 13:16:22 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-05-29 17:18:31 +0100 |
commit | ff317a2783058e8e90fac21bd8ba18359c5401f9 | |
tree | 94d3f17c2f3b80b4ec8cc5509b4dc3ded22b9936 | |
parent | 565f2ed54f53adc7bd6793a0e746ceb349843408 | |
CVE-2013-1431: respect tls-required flag on legacy Jabber servers
It's checked elsewhere for XMPP 1.0 servers, which can either
use "old SSL" or perform STARTTLS. Legacy Jabber can only use
"old SSL", which is similar to https - connect to a separate port,
typically 5223, and start speaking SSL - so if the connection was
ever going to be encrypted, by this point it already would be.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
-rw-r--r-- | wocky/wocky-connector.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/wocky/wocky-connector.c b/wocky/wocky-connector.c index 133b9fd..3287285 100644 --- a/wocky/wocky-connector.c +++ b/wocky/wocky-connector.c @@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source, if (!priv->legacy_support) abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER, "Server not XMPP 1.0 Compliant"); + else if (priv->tls_required && !priv->encrypted) + abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE, + "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")"); else jabber_request_auth (self); } |
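Review bot: The added `else if` branch passes `data` as the first argument to `abort_connect_code`, while the branch directly above it passes `self` and the branch below calls `jabber_request_auth (self)`. If `data` and `self` refer to the same connector object, use `self` here for consistency with the neighbouring calls; if they do not, this call is handing the wrong object to the abort path. Separately, the diffstat shows only wocky/wocky-connector.c changed, so a regression test that connects to a legacy (non XMPP 1.0) server with tls-required set and no "old SSL", and expects WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE instead of a call to `jabber_request_auth`, would keep this downgrade path from reopening.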