mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-26 16:26:24 +01:00
Don't offer SASL auth before doing TLS if TLS is required (thanks to Etan Reisner)
Originally reported in http://yo.jabber.ru/bugzilla/show_bug.cgi?id=251 Implements: http://tools.ietf.org/html/rfc3920#section-6.2 If Use of TLS (Section 5) needs to be established before a particular authentication mechanism may be used, the receiving entity MUST NOT provide that mechanism in the list of available SASL authentication mechanisms prior to TLS negotiation.
This commit is contained in:
parent
e653598cd0
commit
59a19ca87a
@ -348,11 +348,27 @@ wait_for_stream({xmlstreamstart, #xmlel{ns = NS} = Opening}, StateData) ->
|
||||
U, Server, P, D, DG)
|
||||
end,
|
||||
StateData#state.socket),
|
||||
Mechs = [exmpp_server_sasl:feature(
|
||||
MechsPrepared = [exmpp_server_sasl:feature(
|
||||
cyrsasl:listmech(Server))],
|
||||
SockMod =
|
||||
(StateData#state.sockmod):get_sockmod(
|
||||
StateData#state.socket),
|
||||
TLSRequired = StateData#state.tls_required,
|
||||
Mechs =
|
||||
case TLSRequired of
|
||||
true ->
|
||||
case (SockMod == gen_tcp) of
|
||||
true ->
|
||||
[];
|
||||
false ->
|
||||
MechsPrepared
|
||||
end;
|
||||
false ->
|
||||
MechsPrepared
|
||||
end,
|
||||
SockMod =
|
||||
(StateData#state.sockmod):get_sockmod(
|
||||
StateData#state.socket),
|
||||
Zlib = StateData#state.zlib,
|
||||
CompressFeature =
|
||||
case Zlib andalso
|
||||
|
Loading…
Reference in New Issue
Block a user