authorSimon McVittie <simon.mcvittie@collabora.co.uk>2013-05-27 13:16:22 +0100
committerSimon McVittie <simon.mcvittie@collabora.co.uk>2013-05-29 17:18:31 +0100
commitff317a2783058e8e90fac21bd8ba18359c5401f9 (patch)
tree94d3f17c2f3b80b4ec8cc5509b4dc3ded22b9936
parent565f2ed54f53adc7bd6793a0e746ceb349843408 (diff)
CVE-2013-1431: respect tls-required flag on legacy Jabber serversgabble-0.16
It's checked elsewhere for XMPP 1.0 servers, which can either use "old SSL" or perform STARTTLS. Legacy Jabber can only use "old SSL", which is similar to https - connect to a separate port, typically 5223, and start speaking SSL - so if the connection was ever going to be encrypted, by this point it already would be. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65036 Reviewed-by: Sjoerd Simons <sjoerd.simons@collabora.co.uk>
-rw-r--r--wocky/wocky-connector.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/wocky/wocky-connector.c b/wocky/wocky-connector.c
index 133b9fd..3287285 100644
--- a/wocky/wocky-connector.c
+++ b/wocky/wocky-connector.c
@@ -1135,6 +1135,9 @@ xmpp_init_recv_cb (GObject *source,
if (!priv->legacy_support)
abort_connect_code (self, WOCKY_CONNECTOR_ERROR_NON_XMPP_V1_SERVER,
"Server not XMPP 1.0 Compliant");
+ else if (priv->tls_required && !priv->encrypted)
+ abort_connect_code (data, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,
+ "TLS requested but server is not XMPP 1.0 compliant (try using \"old SSL\")");
else
jabber_request_auth (self);
}
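Review bot: The added `abort_connect_code` call passes `data`, while the neighbouring calls in the same if/else chain pass `self`. The start of xmpp_init_recv_cb is outside the hunk, so it is only inferred that `self` is the cast of `data`; if so the behaviour is identical, but `abort_connect_code (self, WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE,` would keep the chain consistent. This branch is what keeps a tls-required connection from reaching `jabber_request_auth` unencrypted on a legacy server, so a short comment would help, e.g. `/* legacy Jabber has no STARTTLS: if not encrypted by now, it never will be */`. The diffstat shows only wocky-connector.c changed, so a connector test would be worth adding: tls-required set, a non-XMPP-1.0 server, a plain connection, asserting WOCKY_CONNECTOR_ERROR_TLS_UNAVAILABLE.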