Changeset 689

Timestamp:

19/08/08 12:42:16 (5 months ago)

Author:

smoku

Message:

Do not offer compression if STARTTLS is required and not enabled. Return better error on STARTTLS required failure.

Location:

trunk

Files:

• c2s/c2s.c (modified) (1 diff)
• sx/compress.c (modified) (1 diff)

trunk/c2s/c2s.c

@@ -408 +408 @@
                 log_write(sess->c2s->log, LOG_NOTICE, "[%d] got pre STARTTLS packet, dropping", sess->s->tag);
 
-                sx_error(s, stream_err_NOT_AUTHORIZED, "stanza sent before starttls");
+                sx_error(s, stream_err_POLICY_VIOLATION, "STARTTLS is required for this stream");
 
                 nad_free(nad);

trunk/sx/compress.c

@@ -120 +120 @@
     int ns;
 
-    /* if the session is already compressed, or the app told us not to, then we don't offer anything */
-    if(s->compressed || !(s->flags & SX_COMPRESS_OFFER))
+    /* if the session is already compressed, or the app told us not to,
+         * or STARTTLS is required and stream is not encrypted yet, then we don't offer anything */
+    if(s->compressed || !(s->flags & SX_COMPRESS_OFFER) || ((s->flags & SX_SSL_STARTTLS_REQUIRE) && s->ssf == 0))
         return;