diff options
author | mathieui <mathieui@mathieui.net> | 2014-02-13 00:48:19 +0100 |
---|---|---|
committer | mathieui <mathieui@mathieui.net> | 2014-02-13 00:48:19 +0100 |
commit | 7e3efccb537ae11e9550ddf14ea6ca4ba472804a (patch) | |
tree | 1d8dcd3a3ff9e4ff77fe31b305dba5a54fc4fedf | |
parent | f43f06214ef5bb16de616feb754fcdb56a208192 (diff) | |
download | poezio-7e3efccb537ae11e9550ddf14ea6ca4ba472804a.tar.gz poezio-7e3efccb537ae11e9550ddf14ea6ca4ba472804a.tar.bz2 poezio-7e3efccb537ae11e9550ddf14ea6ca4ba472804a.tar.xz poezio-7e3efccb537ae11e9550ddf14ea6ca4ba472804a.zip |
Fix #2407 (unencrypted connections)
Add a force_encryption option set to true by default.
-rw-r--r-- | data/default_config.cfg | 3 | ||||
-rw-r--r-- | doc/source/configuration.rst | 8 | ||||
-rw-r--r-- | src/connection.py | 7 | ||||
-rw-r--r-- | src/core.py | 11 |
4 files changed, 27 insertions, 2 deletions
diff --git a/data/default_config.cfg b/data/default_config.cfg index 90140a5e..ace8907a 100644 --- a/data/default_config.cfg +++ b/data/default_config.cfg @@ -50,6 +50,9 @@ certificate = # the same certificate. ignore_certificate = false +# Force TLS on by default +force_encryption = true + # The interval to send a whitespace keepalive to the server # 300 should be fine, except for specific services, in that case, change the # value to the services default. diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst index 7ca8cc59..7a48a286 100644 --- a/doc/source/configuration.rst +++ b/doc/source/configuration.rst @@ -167,6 +167,14 @@ section of this documentation. If set to true, notifications about the music your contacts listen to will be displayed in the info buffer as 'Tune' messages. + force_encryption + + **Default value:** ``true`` + + If set to true, all connections will use TLS by default. Only turn this to + false if you cannot connect to your server, and do not care about your password + or the pricacy of your communications. + display_mood_notifications **Default value:** ``false`` diff --git a/src/connection.py b/src/connection.py index 37385650..b60f3b71 100644 --- a/src/connection.py +++ b/src/connection.py @@ -50,6 +50,13 @@ class Connection(sleekxmpp.ClientXMPP): # TODO: use the system language sleekxmpp.ClientXMPP.__init__(self, jid, password, lang=config.get('lang', 'en')) + force_encryption = config.get('force_encryption', 'true').lower() != 'false' + if force_encryption: + self['feature_mechanisms'].unencrypted_plain = False + self['feature_mechanisms'].unencrypted_digest = False + self['feature_mechanisms'].unencrypted_cram = False + self['feature_mechanisms'].unencrypted_scram = False + self.core = None self.auto_reconnect = True if config.get('auto_reconnect', 'false').lower() in ('true', '1') else False self.reconnect_max_attempts = 0 diff --git a/src/core.py b/src/core.py index 38b4f974..0d9c88a1 100644 --- a/src/core.py +++ b/src/core.py @@ -236,7 +236,8 @@ class Core(object): # Add handlers self.xmpp.add_event_handler('connected', self.on_connected) self.xmpp.add_event_handler('disconnected', self.on_disconnected) - self.xmpp.add_event_handler('no_auth', self.on_failed_auth) + self.xmpp.add_event_handler('failed_auth', self.on_failed_auth) + self.xmpp.add_event_handler('no_auth', self.on_no_auth) self.xmpp.add_event_handler("session_start", self.on_session_start) self.xmpp.add_event_handler("session_start", self.on_session_start_features) self.xmpp.add_event_handler("groupchat_presence", self.on_groupchat_presence) @@ -3553,7 +3554,13 @@ class Core(object): """ Authentication failed """ - self.information(_("Authentication failed.")) + self.information(_("Authentication failed (bad credentials?).")) + + def on_no_auth(self, event): + """ + Authentication failed (no mech) + """ + self.information(_("Authentication failed, no login method available.")) def on_connected(self, event): """ |