author | Steffen Jaeckel <jaeckel-floss@eyet-services.de> | 2023-01-26 16:03:57 +0100 |
---|---|---|
committer | Steffen Jaeckel <jaeckel-floss@eyet-services.de> | 2023-01-27 17:04:48 +0100 |
commit | b602d619f676b9a0326c31200df967f3ae81f354 (patch) | |
tree | 0808ac5e02359e20f0daf51ed7823b7bec88dbc3 /src/xmpp/connection.c | |
parent | 901ef217278de331b9d225ea483be3ffad295885 (diff) | |
prevent setting invalid combination of libstrophe flags
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Diffstat (limited to 'src/xmpp/connection.c')
-rw-r--r-- | src/xmpp/connection.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index d57a1376..3165a18e 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -198,6 +198,10 @@ _conn_apply_settings(const char* const jid, const char* const passwd, const char
 long flags = xmpp_conn_get_flags(conn.xmpp_conn);
+ /* clear all TLS & auth related flags */
+ flags &= ~(XMPP_CONN_FLAG_DISABLE_TLS | XMPP_CONN_FLAG_MANDATORY_TLS
+ | XMPP_CONN_FLAG_LEGACY_SSL | XMPP_CONN_FLAG_TRUST_TLS
+ | XMPP_CONN_FLAG_LEGACY_AUTH);
 if (!tls_policy || (g_strcmp0(tls_policy, "force") == 0)) {
 flags |= XMPP_CONN_FLAG_MANDATORY_TLS;
 } else if (g_strcmp0(tls_policy, "trust") == 0) {
@@ -213,8 +217,6 @@ _conn_apply_settings(const char* const jid, const char* const passwd, const char
 flags |= XMPP_CONN_FLAG_LEGACY_AUTH;
 }
- xmpp_conn_set_flags(conn.xmpp_conn, flags);
-
 /* Print debug logs that can help when users share the logs */
 if (flags != 0) {
 log_debug("Connecting with flags (0x%lx):", flags);
@@ -230,6 +232,12 @@ _conn_apply_settings(const char* const jid, const char* const passwd, const char
 #undef LOG_FLAG_IF_SET
 }
+ if (xmpp_conn_set_flags(conn.xmpp_conn, flags)) {
+ log_error("libstrophe doesn't accept this combination of flags: 0x%x", flags);
+ conn.conn_status = JABBER_DISCONNECTED;
+ return FALSE;
+ }
+
 char* cert_path = prefs_get_tls_certpath();
 if (cert_path) {
 xmpp_conn_set_capath(conn.xmpp_conn, cert_path); |
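Review bot: The mask in the added `flags &= ~(...)` statement is a hand-maintained list, so a flag set by a later branch but missing from the mask would carry over from whatever `xmpp_conn_get_flags` returned. That could again produce a TLS/auth combination the account policy did not ask for. Only the `force` branch and the legacy-auth branch are visible in these hunks, and both of their flags are in the mask; the remaining `tls_policy` branches lie outside the hunk and should be checked against it. The comment could also say why the clearing is needed, for example `/* clear all TLS & auth related flags so only the policy selected below applies; keep in sync with the branches that follow */`.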
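Review bot: The added `log_error` call prints `flags` with `0x%x`, but `flags` is declared `long` in the first hunk and the debug log just above prints it with `0x%lx`. Passing a `long` for `%x` is a format/argument mismatch, so the rejected flag value may be logged incorrectly exactly when someone needs it to diagnose a TLS policy problem. The line should read `log_error("libstrophe doesn't accept this combination of flags: 0x%lx", flags);`. `_conn_apply_settings` starts and ends outside the hunk, so it is not visible whether the early `return FALSE` leaves anything set up earlier in the function that needs releasing.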