author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-05-27 13:16:22 +0100 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2013-05-29 17:18:31 +0100 |
commit | ff317a2783058e8e90fac21bd8ba18359c5401f9 | |
tree | 94d3f17c2f3b80b4ec8cc5509b4dc3ded22b9936 | |
parent | 565f2ed54f53adc7bd6793a0e746ceb349843408 |
CVE-2013-1431: respect tls-required flag on legacy Jabber servers [gabble-0.16]
It's checked elsewhere for XMPP 1.0 servers, which can either
use "old SSL" or perform STARTTLS. Legacy Jabber can only use
"old SSL", which is similar to https - connect to a separate port,
typically 5223, and start speaking SSL - so if the connection was
ever going to be encrypted, by this point it already would be.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036
Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
-rw-r--r-- | wocky/wocky-connector.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/wocky/wocky-connector.c b/wocky/wocky-connector.c index 133b9fd..3287285 100644 --- a/wocky/wocky-connector.c +++ b/wocky/wocky-connector.c @@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source, if (!priv->legacy_support) abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER, "Server not XMPP 1.0 Compliant"); + else if (priv->tls_required && !priv->encrypted) + abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE, + "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")"); else jabber_request_auth (self); } |
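Review bot: the added `abort_connect_code` call in the new `else if` branch passes `data` as its first argument, while the `abort_connect_code` call just above it and the `jabber_request_auth` call just below both pass `self`. If both names refer to the same connector object, use `self` here as well, i.e. `abort_connect_code (self, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE, ...)`, so the if/else chain is consistent and a reader does not have to check whether a different object is being aborted. A short comment on the new branch would also help: the reason `!priv->encrypted` is final at this point (legacy Jabber has no STARTTLS, so only "old SSL" could have set it) is stated in the commit message but not in the code.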