authormathieui <mathieui@mathieui.net>2014-02-13 00:48:19 +0100
committermathieui <mathieui@mathieui.net>2014-02-13 00:48:19 +0100
commit7e3efccb537ae11e9550ddf14ea6ca4ba472804a (patch)
tree1d8dcd3a3ff9e4ff77fe31b305dba5a54fc4fedf
parentf43f06214ef5bb16de616feb754fcdb56a208192 (diff)
Fix #2407 (unencrypted connections)
Add a force_encryption option set to true by default.
-rw-r--r--data/default_config.cfg3
-rw-r--r--doc/source/configuration.rst8
-rw-r--r--src/connection.py7
-rw-r--r--src/core.py11
4 files changed, 27 insertions, 2 deletions
diff --git a/data/default_config.cfg b/data/default_config.cfg
index 90140a5e..ace8907a 100644
--- a/data/default_config.cfg
+++ b/data/default_config.cfg
@@ -50,6 +50,9 @@ certificate =
# the same certificate.
ignore_certificate = false
+# Force TLS on by default
+force_encryption = true
+
# The interval to send a whitespace keepalive to the server
# 300 should be fine, except for specific services, in that case, change the
# value to the services default.
diff --git a/doc/source/configuration.rst b/doc/source/configuration.rst
index 7ca8cc59..7a48a286 100644
--- a/doc/source/configuration.rst
+++ b/doc/source/configuration.rst
@@ -167,6 +167,14 @@ section of this documentation.
If set to true, notifications about the music your contacts listen to
will be displayed in the info buffer as 'Tune' messages.
+ force_encryption
+
+ **Default value:** ``true``
+
+ If set to true, all connections will use TLS by default. Only turn this to
+ false if you cannot connect to your server, and do not care about your password
+ or the pricacy of your communications.
+
display_mood_notifications
**Default value:** ``false``
diff --git a/src/connection.py b/src/connection.py
index 37385650..b60f3b71 100644
--- a/src/connection.py
+++ b/src/connection.py
@@ -50,6 +50,13 @@ class Connection(sleekxmpp.ClientXMPP):
# TODO: use the system language
sleekxmpp.ClientXMPP.__init__(self, jid, password, lang=config.get('lang', 'en'))
+ force_encryption = config.get('force_encryption', 'true').lower() != 'false'
+ if force_encryption:
+ self['feature_mechanisms'].unencrypted_plain = False
+ self['feature_mechanisms'].unencrypted_digest = False
+ self['feature_mechanisms'].unencrypted_cram = False
+ self['feature_mechanisms'].unencrypted_scram = False
+
self.core = None
self.auto_reconnect = True if config.get('auto_reconnect', 'false').lower() in ('true', '1') else False
self.reconnect_max_attempts = 0
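Review bot: The `if force_encryption:` block only forbids the PLAIN, DIGEST, CRAM and SCRAM mechanisms on a stream that is not encrypted; nothing visible in this hunk makes TLS itself mandatory, although the documentation added in the same commit says all connections will use TLS. If any login path is not governed by these four flags (an anonymous login, presumably), it would not be stopped here, so that case should be confirmed and the limit stated in a comment, e.g. `# Refuse password-based SASL on a non-TLS stream; does not by itself require TLS or check the certificate (see ignore_certificate)`. The test `!= 'false'` treats every other value, typos included, as enabled, which is the safe direction but differs from the `in ('true', '1')` test used for `auto_reconnect` just below; a one-line comment saying this is deliberate would keep a later cleanup from inverting it. The enclosing `__init__` starts and ends outside the hunk.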
diff --git a/src/core.py b/src/core.py
index 38b4f974..0d9c88a1 100644
--- a/src/core.py
+++ b/src/core.py
@@ -236,7 +236,8 @@ class Core(object):
# Add handlers
self.xmpp.add_event_handler('connected', self.on_connected)
self.xmpp.add_event_handler('disconnected', self.on_disconnected)
- self.xmpp.add_event_handler('no_auth', self.on_failed_auth)
+ self.xmpp.add_event_handler('failed_auth', self.on_failed_auth)
+ self.xmpp.add_event_handler('no_auth', self.on_no_auth)
self.xmpp.add_event_handler("session_start", self.on_session_start)
self.xmpp.add_event_handler("session_start", self.on_session_start_features)
self.xmpp.add_event_handler("groupchat_presence", self.on_groupchat_presence)
@@ -3553,7 +3554,13 @@ class Core(object):
"""
Authentication failed
"""
- self.information(_("Authentication failed."))
+ self.information(_("Authentication failed (bad credentials?)."))
+
+ def on_no_auth(self, event):
+ """
+ Authentication failed (no mech)
+ """
+ self.information(_("Authentication failed, no login method available."))
def on_connected(self, event):
"""
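Review bot: The message shown by `on_no_auth` gives the user no hint that encryption may be the cause. With `force_encryption` on, a server that offers no TLS presumably ends up in this handler because every password mechanism was refused, and "no login method available" reads like a server fault. A user who cannot tell why the login was refused is more likely to set `force_encryption = false` blindly, so the text should name the cause, e.g. `self.information(_("Authentication failed, no login method available (the server may not offer an encrypted connection)."))`. `on_failed_auth` begins above the hunk and `on_connected` continues below it.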