| author | Jeremy Lainé <jeremy.laine@m4x.org> | 2010-08-09 10:47:20 +0000 |
|---|---|---|
| committer | Jeremy Lainé <jeremy.laine@m4x.org> | 2010-08-09 10:47:20 +0000 |
| commit | 1190f3c77074cb9236ca05762b891843d0a09de3 (patch) | |
| tree | afe9e9a8335f83cb24a293619abe519c5306795e /source/QXmppStream.cpp | |
| parent | 59fa2fe885e59760b9d4fb3f4868ef76c3efa609 (diff) | |
| download | qxmpp-1190f3c77074cb9236ca05762b891843d0a09de3.tar.gz | |
clarify StartTls code
Diffstat (limited to 'source/QXmppStream.cpp')
| -rw-r--r-- | source/QXmppStream.cpp | 59 |
1 files changed, 26 insertions, 33 deletions
diff --git a/source/QXmppStream.cpp b/source/QXmppStream.cpp
index 8b34e066..8c09132a 100644
--- a/source/QXmppStream.cpp
+++ b/source/QXmppStream.cpp
@@ -301,42 +301,40 @@ void QXmppStream::parser(const QByteArray& data)
 namespaceURI() == ns_sasl;
 bool useSasl = configuration().useSASLAuthentication();
 
- if(nodeRecv.firstChildElement("starttls").namespaceURI()
- == ns_tls && !m_socket.isEncrypted())
+ if (!m_socket.isEncrypted())
 {
- if(nodeRecv.firstChildElement("starttls").
- firstChildElement().tagName() == "required")
+ // parse remote TLS mode
+ QXmppConfiguration::StreamSecurityMode remoteSecurity;
+ QDomElement tlsElement = nodeRecv.firstChildElement("starttls");
+ if (tlsElement.namespaceURI() == ns_tls)
 {
- // TLS is must from the server side
- sendStartTls();
- return;
- }
- else
- {
- // TLS is optional from the server side
- switch(configuration().streamSecurityMode())
- {
- case QXmppConfiguration::TLSEnabled:
- case QXmppConfiguration::TLSRequired:
- sendStartTls();
- return;
- case QXmppConfiguration::TLSDisabled:
- break;
- }
+ if (tlsElement.firstChildElement().tagName() == "required")
+ remoteSecurity = QXmppConfiguration::TLSRequired;
+ else
+ remoteSecurity = QXmppConfiguration::TLSEnabled;
+ } else {
+ remoteSecurity = QXmppConfiguration::TLSDisabled;
 }
- }
- else if(!m_socket.isEncrypted()) // TLS not supported by server
- {
- if(configuration().streamSecurityMode() ==
- QXmppConfiguration::TLSRequired)
+
+ // determine TLS mode to use
+ const QXmppConfiguration::StreamSecurityMode localSecurity = configuration().streamSecurityMode();
+ if (localSecurity == QXmppConfiguration::TLSRequired &&
+ remoteSecurity == QXmppConfiguration::TLSDisabled)
 {
- // disconnect as the for client TLS is compulsory but
- // not available on the server
- //
+ // disconnect as TLS is required by the client
+ // but not available on the server
 warning("Disconnecting as TLS not available at the server");
 disconnect();
 return;
 }
+ if (remoteSecurity == QXmppConfiguration::TLSRequired ||
+ localSecurity != QXmppConfiguration::TLSDisabled)
+ {
+ // enable TLS as it is required by the server
+ // or supported by the client
+ sendToServer("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
+ return;
+ }
 }
 
 if((saslAvailable && nonSaslAvailable && !useSasl) ||
@@ -792,11 +790,6 @@ bool QXmppStream::hasEndStreamElement(const QByteArray& data)
 return str.contains(regex);
 }
 
-void QXmppStream::sendStartTls()
-{
- sendToServer("<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>");
-}
-
 void QXmppStream::sendNonSASLAuth(bool plainText)
 {
 QXmppNonSASLAuthIq authQuery; |
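Review bot: In the first hunk, the new condition `remoteSecurity == QXmppConfiguration::TLSRequired || localSecurity != QXmppConfiguration::TLSDisabled` is also true when the server did not advertise `<starttls/>` and the client is in `TLSEnabled` mode, so the client now sends `<starttls/>` to a server that never offered it; the removed code fell through to authentication in that case. Gating on the server's offer keeps the old behaviour: `if (remoteSecurity == QXmppConfiguration::TLSRequired || (remoteSecurity != QXmppConfiguration::TLSDisabled && localSecurity != QXmppConfiguration::TLSDisabled))`. Separately, `remoteSecurity` is parsed from stream features received before the socket is encrypted, so a missing `<starttls/>` says nothing reliable about the server, and only a client-side `TLSRequired` refuses a stripped offer. A comment next to `// determine TLS mode to use` would make that explicit, e.g. `// remoteSecurity is unauthenticated: TLSEnabled is opportunistic and can be downgraded, use TLSRequired to enforce`. The enclosing `parser()` body starts and ends outside the hunk.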
