mirror of
https://github.com/profanity-im/profanity.git
synced 2024-12-04 14:46:46 -05:00
Legacy SSL support
Add a "legacy" TLS policy to the /account and /connect commands. When this policy is specified, the connection is made with the XMPP_CONN_LEGACY_SSL flag. Note that legacy SSL and STARTTLS are not compatible, so the user has to know exactly when the new policy should be used. To enable it, run one of the following commands:
/connect <jid> tls legacy [server <host>]
/account <name> set tls legacy
Note that there is no SRV record for legacy SSL, so you may need the "server" property to connect successfully. Refer to the configuration provided by your server.
parent
4a6bf68727
commit
1012e11283
@ -568,6 +568,7 @@ cmd_ac_init(void)
|
|||||||
tls_property_ac = autocomplete_new();
|
tls_property_ac = autocomplete_new();
|
||||||
autocomplete_add(tls_property_ac, "force");
|
autocomplete_add(tls_property_ac, "force");
|
||||||
autocomplete_add(tls_property_ac, "allow");
|
autocomplete_add(tls_property_ac, "allow");
|
||||||
|
autocomplete_add(tls_property_ac, "legacy");
|
||||||
autocomplete_add(tls_property_ac, "disable");
|
autocomplete_add(tls_property_ac, "disable");
|
||||||
|
|
||||||
join_property_ac = autocomplete_new();
|
join_property_ac = autocomplete_new();
|
||||||
|
@ -158,7 +158,7 @@ static struct cmd_t command_defs[] =
|
|||||||
CMD_TAG_CONNECTION)
|
CMD_TAG_CONNECTION)
|
||||||
CMD_SYN(
|
CMD_SYN(
|
||||||
"/connect [<account>]",
|
"/connect [<account>]",
|
||||||
"/connect <account> [server <server>] [port <port>] [tls force|allow|disable]")
|
"/connect <account> [server <server>] [port <port>] [tls force|allow|legacy|disable]")
|
||||||
CMD_DESC(
|
CMD_DESC(
|
||||||
"Login to a chat service. "
|
"Login to a chat service. "
|
||||||
"If no account is specified, the default is used if one is configured. "
|
"If no account is specified, the default is used if one is configured. "
|
||||||
@ -169,6 +169,7 @@ static struct cmd_t command_defs[] =
|
|||||||
{ "port <port>", "The port to use if different to the default (5222, or 5223 for SSL)." },
|
{ "port <port>", "The port to use if different to the default (5222, or 5223 for SSL)." },
|
||||||
{ "tls force", "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
|
{ "tls force", "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
|
||||||
{ "tls allow", "Use TLS for the connection if it is available." },
|
{ "tls allow", "Use TLS for the connection if it is available." },
|
||||||
|
{ "tls legacy", "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
|
||||||
{ "tls disable", "Disable TLS for the connection." })
|
{ "tls disable", "Disable TLS for the connection." })
|
||||||
CMD_EXAMPLES(
|
CMD_EXAMPLES(
|
||||||
"/connect",
|
"/connect",
|
||||||
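Review bot: The new `tls legacy` help entry leaves out what the commit description says the user needs to know: there is no SRV record for legacy SSL, so the `server` property may have to be given explicitly. I would extend the string, for example `"Use legacy TLS for the connection. TLS is negotiated immediately after the TCP connection is established instead of via STARTTLS. There is no SRV record for legacy SSL, so you may also need to set 'server'."`. The same wording applies to the `set <account> tls legacy` entry added in the /account help hunk further down. Both entries sit inside the `command_defs[]` initializer, which starts and ends outside these hunks.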
@ -1984,7 +1985,7 @@ static struct cmd_t command_defs[] =
|
|||||||
"/account set <account> otr <policy>",
|
"/account set <account> otr <policy>",
|
||||||
"/account set <account> pgpkeyid <pgpkeyid>",
|
"/account set <account> pgpkeyid <pgpkeyid>",
|
||||||
"/account set <account> startscript <script>",
|
"/account set <account> startscript <script>",
|
||||||
"/account set <account> tls force|allow|disable",
|
"/account set <account> tls force|allow|legacy|disable",
|
||||||
"/account set <account> theme <theme>",
|
"/account set <account> theme <theme>",
|
||||||
"/account clear <account> password",
|
"/account clear <account> password",
|
||||||
"/account clear <account> eval_password",
|
"/account clear <account> eval_password",
|
||||||
@ -2024,6 +2025,7 @@ static struct cmd_t command_defs[] =
|
|||||||
{ "set <account> startscript <script>", "Set the script to execute after connecting." },
|
{ "set <account> startscript <script>", "Set the script to execute after connecting." },
|
||||||
{ "set <account> tls force", "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
|
{ "set <account> tls force", "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
|
||||||
{ "set <account> tls allow", "Use TLS for the connection if it is available." },
|
{ "set <account> tls allow", "Use TLS for the connection if it is available." },
|
||||||
|
{ "set <account> tls legacy", "Use legacy TLS for the connection. It means server doesn't support STARTTLS and TLS is forced just after TCP connection is established." },
|
||||||
{ "set <account> tls disable", "Disable TLS for the connection." },
|
{ "set <account> tls disable", "Disable TLS for the connection." },
|
||||||
{ "set <account> <theme>", "Set the UI theme for the account." },
|
{ "set <account> <theme>", "Set the UI theme for the account." },
|
||||||
{ "clear <account> server", "Remove the server setting for this account." },
|
{ "clear <account> server", "Remove the server setting for this account." },
|
||||||
|
@ -350,7 +350,8 @@ cmd_connect(ProfWin *window, const char *const command, gchar **args)
|
|||||||
if (tls_policy &&
|
if (tls_policy &&
|
||||||
(g_strcmp0(tls_policy, "force") != 0) &&
|
(g_strcmp0(tls_policy, "force") != 0) &&
|
||||||
(g_strcmp0(tls_policy, "allow") != 0) &&
|
(g_strcmp0(tls_policy, "allow") != 0) &&
|
||||||
(g_strcmp0(tls_policy, "disable") != 0)) {
|
(g_strcmp0(tls_policy, "disable") != 0) &&
|
||||||
|
(g_strcmp0(tls_policy, "legacy") != 0)) {
|
||||||
cons_bad_cmd_usage(command);
|
cons_bad_cmd_usage(command);
|
||||||
cons_show("");
|
cons_show("");
|
||||||
return TRUE;
|
return TRUE;
|
||||||
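Review bot: The list of accepted TLS policies is spelled out by hand in three validators, and each had to be edited separately to admit "legacy": this condition in `cmd_connect`, the one in `_account_set_tls`, and the one in `accounts_get_account`. The dispatch in `connection_connect` is a fourth copy. A policy added to one list and missed in another could be rejected at the prompt yet accepted from the accounts file, or pass validation and then match no branch in `connection_connect`, which would leave the TLS flags at whatever the default is. I would move the check into one shared helper, for example `gboolean tls_policy_is_valid(const char *policy)`, returning TRUE for the four known strings, and call it from all three validators. `cmd_connect` starts and ends outside this hunk.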
@ -813,8 +814,9 @@ _account_set_tls(char *account_name, char *policy)
|
|||||||
{
|
{
|
||||||
if ((g_strcmp0(policy, "force") != 0)
|
if ((g_strcmp0(policy, "force") != 0)
|
||||||
&& (g_strcmp0(policy, "allow") != 0)
|
&& (g_strcmp0(policy, "allow") != 0)
|
||||||
&& (g_strcmp0(policy, "disable") != 0)) {
|
&& (g_strcmp0(policy, "disable") != 0)
|
||||||
cons_show("TLS policy must be one of: force, allow or disable.");
|
&& (g_strcmp0(policy, "legacy") != 0)) {
|
||||||
|
cons_show("TLS policy must be one of: force, allow, legacy or disable.");
|
||||||
} else {
|
} else {
|
||||||
accounts_set_tls_policy(account_name, policy);
|
accounts_set_tls_policy(account_name, policy);
|
||||||
cons_show("Updated TLS policy for account %s: %s", account_name, policy);
|
cons_show("Updated TLS policy for account %s: %s", account_name, policy);
|
||||||
|
@ -291,7 +291,8 @@ accounts_get_account(const char *const name)
|
|||||||
gchar *tls_policy = g_key_file_get_string(accounts, name, "tls.policy", NULL);
|
gchar *tls_policy = g_key_file_get_string(accounts, name, "tls.policy", NULL);
|
||||||
if (tls_policy && ((g_strcmp0(tls_policy, "force") != 0) &&
|
if (tls_policy && ((g_strcmp0(tls_policy, "force") != 0) &&
|
||||||
(g_strcmp0(tls_policy, "allow") != 0) &&
|
(g_strcmp0(tls_policy, "allow") != 0) &&
|
||||||
(g_strcmp0(tls_policy, "disable") != 0))) {
|
(g_strcmp0(tls_policy, "disable") != 0) &&
|
||||||
|
(g_strcmp0(tls_policy, "legacy") != 0))) {
|
||||||
g_free(tls_policy);
|
g_free(tls_policy);
|
||||||
tls_policy = NULL;
|
tls_policy = NULL;
|
||||||
}
|
}
|
||||||
|
@ -152,6 +152,8 @@ connection_connect(const char *const jid, const char *const passwd, const char *
|
|||||||
xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS);
|
xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_MANDATORY_TLS);
|
||||||
} else if (g_strcmp0(tls_policy, "disable") == 0) {
|
} else if (g_strcmp0(tls_policy, "disable") == 0) {
|
||||||
xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_DISABLE_TLS);
|
xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_DISABLE_TLS);
|
||||||
|
} else if (g_strcmp0(tls_policy, "legacy") == 0) {
|
||||||
|
xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_LEGACY_SSL);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_LIBMESODE
|
#ifdef HAVE_LIBMESODE
|
||||||
|
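Review bot: The result of `xmpp_conn_set_flags()` is discarded in the new `legacy` branch, as it is in the branches above it. libstrophe reports a rejected flag through that return value, so a failure here would let the connect attempt continue with flags the user did not ask for. Because this setting decides whether and how the stream is encrypted, I would check the result and abort the connect on failure, starting from `if (xmpp_conn_set_flags(conn.xmpp_conn, XMPP_CONN_FLAG_LEGACY_SSL) != XMPP_EOK) {`. A one-line comment on the branch would also help, such as `/* legacy SSL: TLS handshake starts right after TCP connect, no STARTTLS */`. The body of `connection_connect` starts and ends outside this hunk, so how the no-match case is handled is not visible here.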