mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-24 16:23:40 +01:00
Merge pull request #316 from weiss/really-require-tls
Make sure "starttls_required" can't be bypassed
commit
97fa57c360
@ -735,7 +735,7 @@ wait_for_feature_request({xmlstreamelement, El},
|
|||||||
(StateData#state.sockmod):get_sockmod(StateData#state.socket),
|
(StateData#state.sockmod):get_sockmod(StateData#state.socket),
|
||||||
case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
|
case {xml:get_attr_s(<<"xmlns">>, Attrs), Name} of
|
||||||
{?NS_SASL, <<"auth">>}
|
{?NS_SASL, <<"auth">>}
|
||||||
when not ((SockMod == gen_tcp) and TLSRequired) ->
|
when TLSEnabled or not TLSRequired ->
|
||||||
Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
|
Mech = xml:get_attr_s(<<"mechanism">>, Attrs),
|
||||||
ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
|
ClientIn = jlib:decode_base64(xml:get_cdata(Els)),
|
||||||
case cyrsasl:server_start(StateData#state.sasl_state,
|
case cyrsasl:server_start(StateData#state.sasl_state,
|
||||||
@ -856,7 +856,7 @@ wait_for_feature_request({xmlstreamelement, El},
|
|||||||
end
|
end
|
||||||
end;
|
end;
|
||||||
_ ->
|
_ ->
|
||||||
if (SockMod == gen_tcp) and TLSRequired ->
|
if TLSRequired and not TLSEnabled ->
|
||||||
Lang = StateData#state.lang,
|
Lang = StateData#state.lang,
|
||||||
send_element(StateData,
|
send_element(StateData,
|
||||||
?POLICY_VIOLATION_ERR(Lang,
|
?POLICY_VIOLATION_ERR(Lang,
|
||||||
|
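Review bot: The SASL `auth` guard (`when TLSEnabled or not TLSRequired`) and the fallback check in the `_ ->` branch (`if TLSRequired and not TLSEnabled`) state the same policy twice in negated form, and neither line says why the socket module is no longer consulted. I would add a comment above the guard such as `%% Gate on the negotiated TLS state, not on SockMod: a socket module other than gen_tcp does not by itself mean TLS is active.` so that a later edit does not reintroduce the transport-type check. The clauses between the two hunks are not visible here; any of them that changes stream state before TLS (presumably compression, to be confirmed) should be checked for the same `TLSRequired and not TLSEnabled` rejection. The strict `or`/`and` operators evaluate both operands, so `orelse`/`andalso` would be the more usual spelling, although the result is the same for boolean values. Both hunks sit inside `wait_for_feature_request`, whose body starts and ends outside the visible lines, so the bindings of `TLSEnabled` and `TLSRequired` cannot be checked from here.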