do not allow insecure bind
This commit is contained in:
parent
92d59e9741
commit
014cf66c87
|
@ -875,22 +875,20 @@ public class XmppConnection implements Runnable {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void processStreamFeatures(final Tag currentTag)
|
private void processStreamFeatures(final Tag currentTag) throws XmlPullParserException, IOException {
|
||||||
throws XmlPullParserException, IOException {
|
|
||||||
this.streamFeatures = tagReader.readElement(currentTag);
|
this.streamFeatures = tagReader.readElement(currentTag);
|
||||||
|
final boolean isSecure = features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS;
|
||||||
if (this.streamFeatures.hasChild("starttls") && !features.encryptionEnabled) {
|
if (this.streamFeatures.hasChild("starttls") && !features.encryptionEnabled) {
|
||||||
sendStartTLS();
|
sendStartTLS();
|
||||||
} else if (this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) {
|
} else if (this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) {
|
||||||
if (features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS) {
|
if (isSecure) {
|
||||||
sendRegistryRequest();
|
sendRegistryRequest();
|
||||||
} else {
|
} else {
|
||||||
throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
|
throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
|
||||||
}
|
}
|
||||||
} else if (!this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) {
|
} else if (!this.streamFeatures.hasChild("register") && account.isOptionSet(Account.OPTION_REGISTER)) {
|
||||||
throw new StateChangingException(Account.State.REGISTRATION_NOT_SUPPORTED);
|
throw new StateChangingException(Account.State.REGISTRATION_NOT_SUPPORTED);
|
||||||
} else if (this.streamFeatures.hasChild("mechanisms")
|
} else if (this.streamFeatures.hasChild("mechanisms") && shouldAuthenticate && isSecure) {
|
||||||
&& shouldAuthenticate
|
|
||||||
&& (features.encryptionEnabled || Config.ALLOW_NON_TLS_CONNECTIONS)) {
|
|
||||||
authenticate();
|
authenticate();
|
||||||
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:" + smVersion) && streamId != null) {
|
} else if (this.streamFeatures.hasChild("sm", "urn:xmpp:sm:" + smVersion) && streamId != null) {
|
||||||
if (Config.EXTENDED_SM_LOGGING) {
|
if (Config.EXTENDED_SM_LOGGING) {
|
||||||
|
@ -901,7 +899,7 @@ public class XmppConnection implements Runnable {
|
||||||
this.mWaitingForSmCatchup.set(true);
|
this.mWaitingForSmCatchup.set(true);
|
||||||
this.tagWriter.writeStanzaAsync(resume);
|
this.tagWriter.writeStanzaAsync(resume);
|
||||||
} else if (needsBinding) {
|
} else if (needsBinding) {
|
||||||
if (this.streamFeatures.hasChild("bind")) {
|
if (this.streamFeatures.hasChild("bind") && isSecure) {
|
||||||
sendBindRequest();
|
sendBindRequest();
|
||||||
} else {
|
} else {
|
||||||
throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
|
throw new StateChangingException(Account.State.INCOMPATIBLE_SERVER);
|
||||||
|
|
Loading…
Reference in a new issue