about summary refs log tree commit diff stats
path: root/src
diff options
context:
space:
mode:
authorJames Booth <boothj5@gmail.com>2015-10-18 03:06:23 +0100
committerJames Booth <boothj5@gmail.com>2015-10-18 03:06:23 +0100
commit6640a0891fb51b74c8377745ee1e5585f741a0be (patch)
tree208f6b12c8abd0f43b7900e6d3c288043a13d45c /src
parent9d2745e462eabafcab51e04ec9ad225a13cf9a6f (diff)
downloadprofani-tty-6640a0891fb51b74c8377745ee1e5585f741a0be.tar.gz
Force tls on all connections, add tls policy account property
Diffstat (limited to 'src')
-rw-r--r--src/command/command.c81
-rw-r--r--src/command/commands.c26
-rw-r--r--src/config/account.c10
-rw-r--r--src/config/account.h4
-rw-r--r--src/config/accounts.c28
-rw-r--r--src/config/accounts.h3
-rw-r--r--src/event/client_events.c4
-rw-r--r--src/event/client_events.h2
-rw-r--r--src/ui/console.c3
-rw-r--r--src/xmpp/connection.c32
-rw-r--r--src/xmpp/xmpp.h2
11 files changed, 171 insertions, 24 deletions
diff --git a/src/command/command.c b/src/command/command.c
index 1b8def1a..ec8696fe 100644
--- a/src/command/command.c
+++ b/src/command/command.c
@@ -168,12 +168,12 @@ static struct cmd_t command_defs[] =
     },
 
     { "/connect",
-        cmd_connect, parse_args, 0, 5, NULL,
+        cmd_connect, parse_args, 0, 7, NULL,
         CMD_TAGS(
             CMD_TAG_CONNECTION)
         CMD_SYN(
             "/connect [<account>]",
-            "/connect <account> [server <server>] [port <port>]")
+            "/connect <account> [server <server>] [port <port>] [tls force|allow|disable]")
         CMD_DESC(
             "Login to a chat service. "
             "If no account is specified, the default is used if one is configured. "
@@ -181,12 +181,16 @@ static struct cmd_t command_defs[] =
         CMD_ARGS(
             { "<account>",         "The local account you wish to connect with, or a JID if connecting for the first time." },
             { "server <server>",   "Supply a server if it is different to the domain part of your JID." },
-            { "port <port>",       "The port to use if different to the default (5222, or 5223 for SSL)." })
+            { "port <port>",       "The port to use if different to the default (5222, or 5223 for SSL)." },
+            { "tls force",         "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
+            { "tls allow",         "Use TLS for the connection if it is available." },
+            { "tls disable",       "Disable TLS for the connection." })
         CMD_EXAMPLES(
             "/connect",
             "/connect myuser@gmail.com",
             "/connect myuser@mycompany.com server talk.google.com",
             "/connect bob@someplace port 5678",
+            "/connect me@localhost.test.org server 127.0.0.1 tls disable",
             "/connect me@chatty server chatty.com port 5443")
         },
 
@@ -1491,6 +1495,7 @@ static struct cmd_t command_defs[] =
             "/account set <account> otr <policy>",
             "/account set <account> pgpkeyid <pgpkeyid>",
             "/account set <account> startscript <script>",
+            "/account set <account> tls force|allow|disable",
             "/account clear <account> password",
             "/account clear <account> eval_password",
             "/account clear <account> server",
@@ -1525,6 +1530,9 @@ static struct cmd_t command_defs[] =
             { "set <account> otr <policy>",             "Override global OTR policy for this account, see /otr." },
             { "set <account> pgpkeyid <pgpkeyid>",      "Set the ID of the PGP key for this account, see /pgp." },
             { "set <account> startscript <script>",     "Set the script to execute after connecting." },
+            { "set <account> tls force",                "Force TLS connection, and fail if one cannot be established, this is default behaviour." },
+            { "set <account> tls allow",                "Use TLS for the connection if it is available." },
+            { "set <account> tls disable",              "Disable TLS for the connection." },
             { "clear <account> server",                 "Remove the server setting for this account." },
             { "clear <account> port",                   "Remove the port setting for this account." },
             { "clear <account> password",               "Remove the password setting for this account." },
@@ -1753,6 +1761,7 @@ static Autocomplete otr_ac;
 static Autocomplete otr_log_ac;
 static Autocomplete otr_policy_ac;
 static Autocomplete connect_property_ac;
+static Autocomplete tls_property_ac;
 static Autocomplete statuses_ac;
 static Autocomplete statuses_setting_ac;
 static Autocomplete alias_ac;
@@ -1944,6 +1953,7 @@ cmd_init(void)
     autocomplete_add(account_set_ac, "otr");
     autocomplete_add(account_set_ac, "pgpkeyid");
     autocomplete_add(account_set_ac, "startscript");
+    autocomplete_add(account_set_ac, "tls");
 
     account_clear_ac = autocomplete_new();
     autocomplete_add(account_clear_ac, "password");
@@ -2075,6 +2085,12 @@ cmd_init(void)
     connect_property_ac = autocomplete_new();
     autocomplete_add(connect_property_ac, "server");
     autocomplete_add(connect_property_ac, "port");
+    autocomplete_add(connect_property_ac, "tls");
+
+    tls_property_ac = autocomplete_new();
+    autocomplete_add(tls_property_ac, "force");
+    autocomplete_add(tls_property_ac, "allow");
+    autocomplete_add(tls_property_ac, "disable");
 
     join_property_ac = autocomplete_new();
     autocomplete_add(join_property_ac, "nick");
@@ -2249,6 +2265,7 @@ cmd_uninit(void)
     autocomplete_free(otr_log_ac);
     autocomplete_free(otr_policy_ac);
     autocomplete_free(connect_property_ac);
+    autocomplete_free(tls_property_ac);
     autocomplete_free(statuses_ac);
     autocomplete_free(statuses_setting_ac);
     autocomplete_free(alias_ac);
@@ -2435,6 +2452,7 @@ cmd_reset_autocomplete(ProfWin *window)
     autocomplete_reset(otr_log_ac);
     autocomplete_reset(otr_policy_ac);
     autocomplete_reset(connect_property_ac);
+    autocomplete_reset(tls_property_ac);
     autocomplete_reset(statuses_ac);
     autocomplete_reset(statuses_setting_ac);
     autocomplete_reset(alias_ac);
@@ -3786,7 +3804,7 @@ _connect_autocomplete(ProfWin *window, const char * const input)
     char *found = NULL;
     gboolean result = FALSE;
 
-    gchar **args = parse_args(input, 2, 4, &result);
+    gchar **args = parse_args(input, 2, 6, &result);
 
     if ((strncmp(input, "/connect", 8) == 0) && (result == TRUE)) {
         GString *beginning = g_string_new("/connect ");
@@ -3796,6 +3814,12 @@ _connect_autocomplete(ProfWin *window, const char * const input)
             g_string_append(beginning, args[1]);
             g_string_append(beginning, " ");
             g_string_append(beginning, args[2]);
+            if (args[3] && args[4]) {
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[3]);
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[4]);
+            }
         }
         found = autocomplete_param_with_ac(input, beginning->str, connect_property_ac, TRUE);
         g_string_free(beginning, TRUE);
@@ -3807,6 +3831,46 @@ _connect_autocomplete(ProfWin *window, const char * const input)
 
     g_strfreev(args);
 
+    result = FALSE;
+    args = parse_args(input, 2, 7, &result);
+
+    if ((strncmp(input, "/connect", 8) == 0) && (result == TRUE)) {
+        GString *beginning = g_string_new("/connect ");
+        g_string_append(beginning, args[0]);
+        int curr = 0;
+        if (args[1]) {
+            g_string_append(beginning, " ");
+            g_string_append(beginning, args[1]);
+            curr = 1;
+            if (args[2] && args[3]) {
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[2]);
+                g_string_append(beginning, " ");
+                g_string_append(beginning, args[3]);
+                curr = 3;
+                if (args[4] && args[5]) {
+                    g_string_append(beginning, " ");
+                    g_string_append(beginning, args[4]);
+                    g_string_append(beginning, " ");
+                    g_string_append(beginning, args[5]);
+                    curr = 5;
+                }
+            }
+        }
+        if (curr != 0 && (g_strcmp0(args[curr], "tls") == 0)) {
+            found = autocomplete_param_with_ac(input, beginning->str, tls_property_ac, TRUE);
+            g_string_free(beginning, TRUE);
+            if (found) {
+                g_strfreev(args);
+                return found;
+            }
+        } else {
+            g_string_free(beginning, TRUE);
+        }
+    }
+
+    g_strfreev(args);
+
     found = autocomplete_param_with_func(input, "/connect", accounts_find_enabled);
     if (found) {
         return found;
@@ -3897,6 +3961,15 @@ _account_autocomplete(ProfWin *window, const char * const input)
                 g_strfreev(args);
                 return found;
             }
+        } else if ((g_strv_length(args) > 3) && (g_strcmp0(args[2], "tls")) == 0) {
+            g_string_append(beginning, " ");
+            g_string_append(beginning, args[2]);
+            found = autocomplete_param_with_ac(input, beginning->str, tls_property_ac, TRUE);
+            g_string_free(beginning, TRUE);
+            if (found) {
+                g_strfreev(args);
+                return found;
+            }
 #ifdef HAVE_LIBGPGME
         } else if ((g_strv_length(args) > 3) && (g_strcmp0(args[2], "pgpkeyid")) == 0) {
             g_string_append(beginning, " ");
diff --git a/src/command/commands.c b/src/command/commands.c
index 370c466c..c37af0c7 100644
--- a/src/command/commands.c
+++ b/src/command/commands.c
@@ -255,7 +255,7 @@ cmd_connect(ProfWin *window, const char * const command, gchar **args)
         return TRUE;
     }
 
-    gchar *opt_keys[] = { "server", "port", NULL };
+    gchar *opt_keys[] = { "server", "port", "tls", NULL };
     gboolean parsed;
 
     GHashTable *options = parse_options(&args[args[0] ? 1 : 0], opt_keys, &parsed);
@@ -267,6 +267,16 @@ cmd_connect(ProfWin *window, const char * const command, gchar **args)
 
     char *altdomain = g_hash_table_lookup(options, "server");
 
+    char *tls_policy = g_hash_table_lookup(options, "tls");
+    if (tls_policy &&
+            (g_strcmp0(tls_policy, "force") != 0) &&
+            (g_strcmp0(tls_policy, "allow") != 0) &&
+            (g_strcmp0(tls_policy, "disable") != 0)) {
+        cons_bad_cmd_usage(command);
+        cons_show("");
+        return TRUE;
+    }
+
     int port = 0;
     if (g_hash_table_contains(options, "port")) {
         char *port_str = g_hash_table_lookup(options, "port");
@@ -334,7 +344,7 @@ cmd_connect(ProfWin *window, const char * const command, gchar **args)
     } else {
         jid = strdup(lower);
         char *passwd = ui_ask_password();
-        conn_status = cl_ev_connect_jid(jid, passwd, altdomain, port);
+        conn_status = cl_ev_connect_jid(jid, passwd, altdomain, port, tls_policy);
         free(passwd);
     }
 
@@ -386,7 +396,7 @@ cmd_account(ProfWin *window, const char * const command, gchar **args)
         if (account_name == NULL) {
             cons_bad_cmd_usage(command);
         } else {
-            accounts_add(account_name, NULL, 0);
+            accounts_add(account_name, NULL, 0, NULL);
             cons_show("Account created.");
             cons_show("");
         }
@@ -590,6 +600,16 @@ cmd_account(ProfWin *window, const char * const command, gchar **args)
                 } else if (strcmp(property, "startscript") == 0) {
                     accounts_set_script_start(account_name, value);
                     cons_show("Updated start script for account %s: %s", account_name, value);
+                } else if (strcmp(property, "tls") == 0) {
+                    if ((g_strcmp0(value, "force") != 0)
+                            && (g_strcmp0(value, "allow") != 0)
+                            && (g_strcmp0(value, "disable") != 0)) {
+                        cons_show("TLS policy must be one of: force, allow or disable.");
+                    } else {
+                        accounts_set_tls_policy(account_name, value);
+                        cons_show("Updated TLS policy for account %s: %s", account_name, value);
+                        cons_show("");
+                    }
                 } else if (valid_resource_presence_string(property)) {
                     int intval;
                     char *err_msg = NULL;
diff --git a/src/config/account.c b/src/config/account.c
index 71b05a96..534d1138 100644
--- a/src/config/account.c
+++ b/src/config/account.c
@@ -51,7 +51,8 @@ account_new(const gchar * const name, const gchar * const jid,
     int priority_away, int priority_xa, int priority_dnd,
     const gchar * const muc_service, const gchar * const muc_nick,
     const gchar * const otr_policy, GList *otr_manual, GList *otr_opportunistic,
-    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript)
+    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript,
+    gchar *tls_policy)
 {
     ProfAccount *new_account = malloc(sizeof(ProfAccount));
 
@@ -156,6 +157,12 @@ account_new(const gchar * const name, const gchar * const jid,
         new_account->startscript = NULL;
     }
 
+    if (tls_policy != NULL) {
+        new_account->tls_policy = strdup(tls_policy);
+    } else {
+        new_account->tls_policy = NULL;
+    }
+
     return new_account;
 }
 
@@ -224,6 +231,7 @@ account_free(ProfAccount *account)
         free(account->otr_policy);
         free(account->pgp_keyid);
         free(account->startscript);
+        free(account->tls_policy);
         g_list_free_full(account->otr_manual, g_free);
         g_list_free_full(account->otr_opportunistic, g_free);
         g_list_free_full(account->otr_always, g_free);
diff --git a/src/config/account.h b/src/config/account.h
index d2b55569..bb5f27ce 100644
--- a/src/config/account.h
+++ b/src/config/account.h
@@ -61,6 +61,7 @@ typedef struct prof_account_t {
     GList *otr_always;
     gchar *pgp_keyid;
     gchar *startscript;
+    gchar *tls_policy;
 } ProfAccount;
 
 ProfAccount* account_new(const gchar * const name, const gchar * const jid,
@@ -70,7 +71,8 @@ ProfAccount* account_new(const gchar * const name, const gchar * const jid,
     int priority_away, int priority_xa, int priority_dnd,
     const gchar * const muc_service, const gchar * const muc_nick,
     const gchar * const otr_policy, GList *otr_manual, GList *otr_opportunistic,
-    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript);
+    GList *otr_always, const gchar * const pgp_keyid, const char *const startscript,
+    gchar *tls_policy);
 char* account_create_full_jid(ProfAccount *account);
 gboolean account_eval_password(ProfAccount *account);
 void account_free(ProfAccount *account);
diff --git a/src/config/accounts.c b/src/config/accounts.c
index 7ae34983..43239d76 100644
--- a/src/config/accounts.c
+++ b/src/config/accounts.c
@@ -120,7 +120,7 @@ accounts_reset_enabled_search(void)
 }
 
 void
-accounts_add(const char *account_name, const char *altdomain, const int port)
+accounts_add(const char *account_name, const char *altdomain, const int port, const char *const tls_policy)
 {
     // set account name and resource
     const char *barejid = account_name;
@@ -144,6 +144,9 @@ accounts_add(const char *account_name, const char *altdomain, const int port)
         if (port != 0) {
             g_key_file_set_integer(accounts, account_name, "port", port);
         }
+        if (tls_policy) {
+            g_key_file_set_string(accounts, account_name, "tls.policy", tls_policy);
+        }
 
         Jid *jidp = jid_create(barejid);
         GString *muc_service = g_string_new("conference.");
@@ -269,11 +272,19 @@ accounts_get_account(const char * const name)
             startscript = g_key_file_get_string(accounts, name, "script.start", NULL);
         }
 
+        gchar *tls_policy = g_key_file_get_string(accounts, name, "tls.policy", NULL);
+        if (tls_policy && ((g_strcmp0(tls_policy, "force") != 0) &&
+                (g_strcmp0(tls_policy, "allow") != 0) &&
+                (g_strcmp0(tls_policy, "disable") != 0))) {
+            g_free(tls_policy);
+            tls_policy = NULL;
+        }
+
         ProfAccount *new_account = account_new(name, jid, password, eval_password, enabled,
             server, port, resource, last_presence, login_presence,
             priority_online, priority_chat, priority_away, priority_xa,
             priority_dnd, muc_service, muc_nick, otr_policy, otr_manual,
-            otr_opportunistic, otr_always, pgp_keyid, startscript);
+            otr_opportunistic, otr_always, pgp_keyid, startscript, tls_policy);
 
         g_free(jid);
         g_free(password);
@@ -287,6 +298,7 @@ accounts_get_account(const char * const name)
         g_free(otr_policy);
         g_free(pgp_keyid);
         g_free(startscript);
+        g_free(tls_policy);
 
         return new_account;
     }
@@ -354,7 +366,8 @@ accounts_rename(const char * const account_name, const char * const new_name)
         "otr.always",
         "pgp.keyid",
         "last.activity",
-        "script.start"
+        "script.start",
+        "tls.policy"
     };
 
     int i;
@@ -679,6 +692,15 @@ accounts_set_otr_policy(const char * const account_name, const char * const valu
 }
 
 void
+accounts_set_tls_policy(const char * const account_name, const char * const value)
+{
+    if (accounts_account_exists(account_name)) {
+        g_key_file_set_string(accounts, account_name, "tls.policy", value);
+        _save_accounts();
+    }
+}
+
+void
 accounts_set_priority_online(const char * const account_name, const gint value)
 {
     if (accounts_account_exists(account_name)) {
diff --git a/src/config/accounts.h b/src/config/accounts.h
index 610ed6a3..bd9d9307 100644
--- a/src/config/accounts.h
+++ b/src/config/accounts.h
@@ -47,7 +47,7 @@ char * accounts_find_all(const char * const prefix);
 char * accounts_find_enabled(const char * const prefix);
 void accounts_reset_all_search(void);
 void accounts_reset_enabled_search(void);
-void accounts_add(const char *jid, const char *altdomain, const int port);
+void accounts_add(const char *jid, const char *altdomain, const int port, const char *const tls_policy);
 int  accounts_remove(const char *jid);
 gchar** accounts_get_list(void);
 ProfAccount* accounts_get_account(const char * const name);
@@ -65,6 +65,7 @@ void accounts_set_eval_password(const char * const account_name, const char * co
 void accounts_set_muc_service(const char * const account_name, const char * const value);
 void accounts_set_muc_nick(const char * const account_name, const char * const value);
 void accounts_set_otr_policy(const char * const account_name, const char * const value);
+void accounts_set_tls_policy(const char * const account_name, const char * const value);
 void accounts_set_last_presence(const char * const account_name, const char * const value);
 void accounts_set_last_status(const char * const account_name, const char * const value);
 void accounts_set_last_activity(const char * const account_name);
diff --git a/src/event/client_events.c b/src/event/client_events.c
index c3e5070d..8f744c7e 100644
--- a/src/event/client_events.c
+++ b/src/event/client_events.c
@@ -48,10 +48,10 @@
 #endif
 
 jabber_conn_status_t
-cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port)
+cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy)
 {
     cons_show("Connecting as %s", jid);
-    return jabber_connect_with_details(jid, passwd, altdomain, port);
+    return jabber_connect_with_details(jid, passwd, altdomain, port, tls_policy);
 }
 
 jabber_conn_status_t
diff --git a/src/event/client_events.h b/src/event/client_events.h
index ea1bdef7..dbd053f3 100644
--- a/src/event/client_events.h
+++ b/src/event/client_events.h
@@ -35,7 +35,7 @@
 #ifndef CLIENT_EVENTS_H
 #define CLIENT_EVENTS_H
 
-jabber_conn_status_t cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port);
+jabber_conn_status_t cl_ev_connect_jid(const char * const jid, const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy);
 jabber_conn_status_t cl_ev_connect_account(ProfAccount *account);
 
 void cl_ev_presence_send(const resource_presence_t presence_type, const char * const msg, const int idle_secs);
diff --git a/src/ui/console.c b/src/ui/console.c
index 37316d83..bda808c7 100644
--- a/src/ui/console.c
+++ b/src/ui/console.c
@@ -707,6 +707,9 @@ cons_show_account(ProfAccount *account)
     if (account->muc_nick) {
         cons_show   ("muc nick          : %s", account->muc_nick);
     }
+    if (account->tls_policy) {
+        cons_show   ("TLS policy        : %s", account->tls_policy);
+    }
     if (account->last_presence) {
         cons_show   ("Last presence     : %s", account->last_presence);
     }
diff --git a/src/xmpp/connection.c b/src/xmpp/connection.c
index fa29a70e..4b3ef803 100644
--- a/src/xmpp/connection.c
+++ b/src/xmpp/connection.c
@@ -87,6 +87,7 @@ static struct {
     char *passwd;
     char *altdomain;
     int port;
+    char *tls_policy;
 } saved_details;
 
 static GTimer *reconnect_timer;
@@ -101,7 +102,7 @@ static void _xmpp_file_logger(void * const userdata,
 static xmpp_log_t * _xmpp_get_file_logger();
 
 static jabber_conn_status_t _jabber_connect(const char * const fulljid,
-    const char * const passwd, const char * const altdomain, int port);
+    const char * const passwd, const char * const altdomain, int port, const char *const tls_policy);
 
 static void _jabber_reconnect(void);
 
@@ -149,7 +150,7 @@ jabber_connect_with_account(const ProfAccount * const account)
     // connect with fulljid
     Jid *jidp = jid_create_from_bare_and_resource(account->jid, account->resource);
     jabber_conn_status_t result =
-      _jabber_connect(jidp->fulljid, account->password, account->server, account->port);
+      _jabber_connect(jidp->fulljid, account->password, account->server, account->port, account->tls_policy);
     jid_destroy(jidp);
 
     return result;
@@ -157,7 +158,7 @@ jabber_connect_with_account(const ProfAccount * const account)
 
 jabber_conn_status_t
 jabber_connect_with_details(const char * const jid,
-    const char * const passwd, const char * const altdomain, const int port)
+    const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy)
 {
     assert(jid != NULL);
     assert(passwd != NULL);
@@ -175,6 +176,11 @@ jabber_connect_with_details(const char * const jid,
     } else {
         saved_details.port = 0;
     }
+    if (tls_policy) {
+        saved_details.tls_policy = strdup(tls_policy);
+    } else {
+        saved_details.tls_policy = NULL;
+    }
 
     // use 'profanity' when no resourcepart in provided jid
     Jid *jidp = jid_create(jid);
@@ -189,7 +195,12 @@ jabber_connect_with_details(const char * const jid,
 
     // connect with fulljid
     log_info("Connecting without account, JID: %s", saved_details.jid);
-    return _jabber_connect(saved_details.jid, passwd, saved_details.altdomain, saved_details.port);
+    return _jabber_connect(
+        saved_details.jid,
+        passwd,
+        saved_details.altdomain,
+        saved_details.port,
+        saved_details.tls_policy);
 }
 
 void
@@ -363,6 +374,7 @@ _connection_free_saved_details(void)
     FREE_SET_NULL(saved_details.jid);
     FREE_SET_NULL(saved_details.passwd);
     FREE_SET_NULL(saved_details.altdomain);
+    FREE_SET_NULL(saved_details.tls_policy);
 }
 
 void
@@ -384,7 +396,7 @@ _connection_certfail_cb(const char * const certname, const char * const certfp,
 
 static jabber_conn_status_t
 _jabber_connect(const char * const fulljid, const char * const passwd,
-    const char * const altdomain, int port)
+    const char * const altdomain, int port, const char *const tls_policy)
 {
     assert(fulljid != NULL);
     assert(passwd != NULL);
@@ -429,6 +441,12 @@ _jabber_connect(const char * const fulljid, const char * const passwd,
     xmpp_conn_set_jid(jabber_conn.conn, fulljid);
     xmpp_conn_set_pass(jabber_conn.conn, passwd);
 
+    if (!tls_policy || (g_strcmp0(tls_policy, "force") == 0)) {
+        xmpp_conn_set_flags(jabber_conn.conn, XMPP_CONN_FLAG_MANDATORY_TLS);
+    } else if (g_strcmp0(tls_policy, "disable") == 0) {
+        xmpp_conn_set_flags(jabber_conn.conn, XMPP_CONN_FLAG_DISABLE_TLS);
+    }
+
 #ifdef HAVE_LIBMESODE
     char *cert_path = prefs_get_string(PREF_TLS_CERTPATH);
     if (cert_path) {
@@ -463,7 +481,7 @@ _jabber_reconnect(void)
     } else {
         char *fulljid = create_fulljid(account->jid, account->resource);
         log_debug("Attempting reconnect with account %s", account->name);
-        _jabber_connect(fulljid, saved_account.passwd, account->server, account->port);
+        _jabber_connect(fulljid, saved_account.passwd, account->server, account->port, account->tls_policy);
         free(fulljid);
         g_timer_start(reconnect_timer);
     }
@@ -489,7 +507,7 @@ _connection_handler(xmpp_conn_t * const conn,
         // logged in without account, use details to create new account
         } else {
             log_debug("Connection handler: logged in with jid: %s", saved_details.name);
-            accounts_add(saved_details.name, saved_details.altdomain, saved_details.port);
+            accounts_add(saved_details.name, saved_details.altdomain, saved_details.port, saved_details.tls_policy);
             accounts_set_jid(saved_details.name, saved_details.jid);
 
             sv_ev_login_account_success(saved_details.name, secured);
diff --git a/src/xmpp/xmpp.h b/src/xmpp/xmpp.h
index ddf83c64..43106fa6 100644
--- a/src/xmpp/xmpp.h
+++ b/src/xmpp/xmpp.h
@@ -139,7 +139,7 @@ typedef struct data_form_t {
 // connection functions
 void jabber_init(void);
 jabber_conn_status_t jabber_connect_with_details(const char * const jid,
-    const char * const passwd, const char * const altdomain, const int port);
+    const char * const passwd, const char * const altdomain, const int port, const char *const tls_policy);
 jabber_conn_status_t jabber_connect_with_account(const ProfAccount * const account);
 void jabber_disconnect(void);
 void jabber_shutdown(void);