Get rid of tls probing mode + ssl->tls
Ri0n committed Jun 22, 2024
1 parent fb2b878 commit fee9191
Showing 15 changed files with 66 additions and 95 deletions.
2 changes: 1 addition & 1 deletion iris
1 change: 0 additions & 1 deletion options/default.xml
Expand Up @@ -75,7 +75,6 @@
<sm comment="Option related to the Stream Management UI">
<show comment="Show the Stream Management UI" type="bool">true</show>
</sm>
<legacy-ssl-probe comment="Show legacy SSL probe option" type="bool">false</legacy-ssl-probe>
<manual-host comment="Enable manual host configuration" type="bool">true</manual-host>
<priority comment="Allow changing the priority" type="bool">true</priority>
<privacy comment="Options related to the privacy UI">
4 changes: 2 additions & 2 deletions src/accountadddlg.cpp
Expand Up @@ -105,8 +105,8 @@ void AccountAddDlg::add()

delete w;

newAccount = psi->createAccount(le_name->text(), jid, pass, opt_host, host, port, false, ssl, proxy,
tlsOverrideDomain, tlsOverrideCert);
newAccount = psi->createAccount(le_name->text(), jid, pass, opt_host, host, port, ssl, proxy, tlsOverrideDomain,
tlsOverrideCert);
} else {
newAccount = psi->createAccount(le_name->text());
}
5 changes: 2 additions & 3 deletions src/accountmanagedlg.cpp
Expand Up @@ -191,9 +191,8 @@ void AccountRemoveDlg::remove()

QString pass = le_pass->text();
Jid j(Jid(d->acc.jid).withResource(d->acc.resource));
client->connectToServer(j, d->acc.legacy_ssl_probe, d->acc.ssl == UserAccount::SSL_Legacy,
d->acc.ssl == UserAccount::SSL_Yes, d->acc.opt_host ? d->acc.host : QString(), d->acc.port,
d->acc.proxyID, &pass);
client->connectToServer(j, d->acc.ssl == UserAccount::Direct_TLS, d->acc.ssl == UserAccount::TLS_Yes,
d->acc.opt_host ? d->acc.host : QString(), d->acc.port, d->acc.proxyID, &pass);
}

void AccountRemoveDlg::client_handshaken()
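Review bot: The `forcessl` argument (third parameter) of the rewritten `connectToServer` call is `d->acc.ssl == UserAccount::TLS_Yes`, so an account configured as Direct_TLS is handed over as *not* requiring TLS even though a user who picked Direct TLS clearly wants encryption. This call also passes the account password via `&pass`, and per the miniclient.cpp change in this commit `setOptSSL(direct_tls)` is only applied when a manual host is set, so a stored profile with `ssl="legacy"` but no host could send the remove request without TLS being mandatory; how `forcessl` is finally enforced is outside this page. I would pass `d->acc.ssl == UserAccount::TLS_Yes || d->acc.ssl == UserAccount::Direct_TLS` for that argument. `AccountRemoveDlg::remove()` starts before this hunk.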
24 changes: 12 additions & 12 deletions src/accountmodifydlg.cpp
Expand Up @@ -96,10 +96,10 @@ void AccountModifyDlg::init()
le_name->setText(acc.name);
le_jid->setText(JIDUtil::accountToString(acc.jid, false));

cb_ssl->addItem(tr("Always"), UserAccount::SSL_Yes);
cb_ssl->addItem(tr("When available"), UserAccount::SSL_Auto);
cb_ssl->addItem(tr("Never"), UserAccount::SSL_No);
cb_ssl->addItem(tr("Legacy SSL"), UserAccount::SSL_Legacy);
cb_ssl->addItem(tr("Always"), UserAccount::TLS_Yes);
cb_ssl->addItem(tr("When available"), UserAccount::TLS_Auto);
cb_ssl->addItem(tr("Never"), UserAccount::TLS_No);
cb_ssl->addItem(tr("Direct TLS"), UserAccount::Direct_TLS);
cb_ssl->setCurrentIndex(cb_ssl->findData(acc.ssl));
connect(cb_ssl, SIGNAL(activated(int)), SLOT(sslActivated(int)));

Expand Down Expand Up @@ -378,20 +378,20 @@ void AccountModifyDlg::setPassword(const QString &pw)

void AccountModifyDlg::sslActivated(int i)
{
if ((cb_ssl->itemData(i) == UserAccount::SSL_Yes || cb_ssl->itemData(i) == UserAccount::SSL_Legacy)
if ((cb_ssl->itemData(i) == UserAccount::TLS_Yes || cb_ssl->itemData(i) == UserAccount::Direct_TLS)
&& !checkSSL()) {
cb_ssl->setCurrentIndex(cb_ssl->findData(UserAccount::SSL_Auto));
} else if (cb_ssl->itemData(i) == UserAccount::SSL_Legacy && !ck_host->isChecked()) {
cb_ssl->setCurrentIndex(cb_ssl->findData(UserAccount::TLS_Auto));
} else if (cb_ssl->itemData(i) == UserAccount::Direct_TLS && !ck_host->isChecked()) {
QMessageBox::critical(this, tr("Error"),
tr("Legacy SSL is only available in combination with manual host/port."));
cb_ssl->setCurrentIndex(cb_ssl->findData(UserAccount::SSL_Auto));
tr("Direct TLS is only available in combination with manual host/port."));
cb_ssl->setCurrentIndex(cb_ssl->findData(UserAccount::TLS_Auto));
}
}

bool AccountModifyDlg::checkSSL()
{
if (!QCA::isSupported("tls")) {
QMessageBox::critical(this, tr("SSL error"), tr("Cannot enable SSL/TLS. Plugin not found."));
QMessageBox::critical(this, tr("TLS error"), tr("Cannot enable TLS. Plugin not found."));
return false;
}
return true;
Expand All @@ -403,8 +403,8 @@ void AccountModifyDlg::hostToggled(bool on)
lb_host->setEnabled(on);
le_port->setEnabled(on);
lb_port->setEnabled(on);
if (!on && cb_ssl->currentIndex() == cb_ssl->findData(UserAccount::SSL_Legacy)) {
cb_ssl->setCurrentIndex(cb_ssl->findData(UserAccount::SSL_Auto));
if (!on && cb_ssl->currentIndex() == cb_ssl->findData(UserAccount::Direct_TLS)) {
cb_ssl->setCurrentIndex(cb_ssl->findData(UserAccount::TLS_Auto));
}
}

24 changes: 12 additions & 12 deletions src/accountregdlg.cpp
Expand Up @@ -44,7 +44,7 @@ AccountRegDlg::AccountRegDlg(PsiCon *psi, QWidget *parent) : QDialog(parent), ps
// step

// Initialize settings
ssl_ = UserAccount::SSL_Auto;
ssl_ = UserAccount::TLS_Auto;
port_ = 5222;

// Server select button
Expand All @@ -62,9 +62,9 @@ AccountRegDlg::AccountRegDlg(PsiCon *psi, QWidget *parent) : QDialog(parent), ps
connect(ui_.ck_host, SIGNAL(toggled(bool)), SLOT(hostToggled(bool)));

// SSL
ui_.cb_ssl->addItem(tr("Always"), UserAccount::SSL_Yes);
ui_.cb_ssl->addItem(tr("When available"), UserAccount::SSL_Auto);
ui_.cb_ssl->addItem(tr("Legacy SSL"), UserAccount::SSL_Legacy);
ui_.cb_ssl->addItem(tr("Always"), UserAccount::TLS_Yes);
ui_.cb_ssl->addItem(tr("When available"), UserAccount::TLS_Auto);
ui_.cb_ssl->addItem(tr("Direct TLS"), UserAccount::Direct_TLS);
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(ssl_));
connect(ui_.cb_ssl, SIGNAL(activated(int)), SLOT(sslActivated(int)));

Expand Down Expand Up @@ -114,13 +114,13 @@ void AccountRegDlg::done(int r)

void AccountRegDlg::sslActivated(int i)
{
if ((ui_.cb_ssl->itemData(i) == UserAccount::SSL_Yes || ui_.cb_ssl->itemData(i) == UserAccount::SSL_Legacy)
if ((ui_.cb_ssl->itemData(i) == UserAccount::TLS_Yes || ui_.cb_ssl->itemData(i) == UserAccount::Direct_TLS)
&& !checkSSL()) {
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(UserAccount::SSL_Auto));
} else if (ui_.cb_ssl->itemData(i) == UserAccount::SSL_Legacy && !ui_.ck_host->isChecked()) {
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(UserAccount::TLS_Auto));
} else if (ui_.cb_ssl->itemData(i) == UserAccount::Direct_TLS && !ui_.ck_host->isChecked()) {
QMessageBox::critical(this, tr("Error"),
tr("Legacy SSL is only available in combination with manual host/port."));
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(UserAccount::SSL_Auto));
tr("Direct TLS is only available in combination with manual host/port."));
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(UserAccount::TLS_Auto));
}
}

Expand All @@ -139,8 +139,8 @@ void AccountRegDlg::hostToggled(bool on)
ui_.le_port->setEnabled(on);
ui_.lb_host->setEnabled(on);
ui_.lb_port->setEnabled(on);
if (!on && ui_.cb_ssl->currentIndex() == ui_.cb_ssl->findData(UserAccount::SSL_Legacy)) {
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(UserAccount::SSL_Auto));
if (!on && ui_.cb_ssl->currentIndex() == ui_.cb_ssl->findData(UserAccount::Direct_TLS)) {
ui_.cb_ssl->setCurrentIndex(ui_.cb_ssl->findData(UserAccount::TLS_Auto));
}
}

Expand Down Expand Up @@ -196,7 +196,7 @@ void AccountRegDlg::next()
// Connect to the server
ui_.busy->start();
block();
client_->connectToServer(server_, false, ssl_ == UserAccount::SSL_Legacy, ssl_ == UserAccount::SSL_Yes,
client_->connectToServer(server_, ssl_ == UserAccount::Direct_TLS, ssl_ == UserAccount::TLS_Yes,
opt_host_ ? host_ : QString(), port_, proxy_);
} else if (ui_.sw_register->currentWidget() == ui_.page_fields) {
// Initialize the form
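Review bot: `ssl_ = UserAccount::TLS_Auto;` stays the default for the registration dialog, so a brand-new account's password is submitted over an opportunistic stream: if the server offers no STARTTLS the registration presumably goes out in plaintext, and the WarnNoTLS handling in psiaccount.cpp on this page only treats `TLS_Yes` as fatal (how MiniClient reacts is outside this page). Given that the commit removes probing on the grounds that servers without TLS are outdated, `ssl_ = UserAccount::TLS_Yes;` is the safer default and the existing `findData(ssl_)` will select it. Separately, in `next()` the `forcessl` argument is `ssl_ == UserAccount::TLS_Yes`, so `Direct_TLS` is passed as not requiring TLS; `ssl_ == UserAccount::TLS_Yes || ssl_ == UserAccount::Direct_TLS` matches the user's intent. The constructor and `next()` both extend beyond the visible hunks.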
8 changes: 3 additions & 5 deletions src/miniclient.cpp
Expand Up @@ -68,8 +68,8 @@ void MiniClient::reset()
conn = nullptr;
}

void MiniClient::connectToServer(const Jid &jid, bool legacy_ssl_probe, bool legacy_ssl, bool forcessl,
const QString &_host, int _port, QString proxy, QString *_pass)
void MiniClient::connectToServer(const Jid &jid, bool direct_tls, bool forcessl, const QString &_host, int _port,
QString proxy, QString *_pass)
{
j = jid;

Expand Down Expand Up @@ -123,9 +123,7 @@ void MiniClient::connectToServer(const Jid &jid, bool legacy_ssl_probe, bool leg
conn->setProxy(p);
if (useHost) {
conn->setOptHostPort(host, quint16(port));
conn->setOptSSL(legacy_ssl);
} else {
conn->setOptProbe(legacy_ssl_probe);
conn->setOptSSL(direct_tls);
}

stream = new ClientStream(conn, tlsHandler);
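Review bot: `direct_tls` is silently discarded when `useHost` is false: `conn->setOptSSL(direct_tls)` only runs inside `if (useHost)`, and the deleted `else` branch is replaced by nothing, so a profile that still carries `ssl="legacy"` without a manual host falls through to an ordinary connection with no indication that the requested mode was dropped. The dialogs in this commit reject that combination in the UI, but nothing here enforces it for stored profiles or other callers of `connectToServer`. I would fail fast rather than downgrade, e.g. `if (direct_tls && !useHost) { /* Direct TLS requires an explicit host:port */ ... }` — the hunk does not show how errors are reported to the caller, so the exact signal is left to the author — and at minimum put a comment on the `if (useHost)` block stating that Direct TLS is only honoured together with a manual host/port. `connectToServer` continues past this hunk.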
2 changes: 1 addition & 1 deletion src/miniclient.h
Expand Up @@ -47,7 +47,7 @@ class MiniClient : public QObject {
~MiniClient();

void reset();
void connectToServer(const XMPP::Jid &j, bool legacy_ssl_probe, bool legacy_ssl, bool force_ssl,
void connectToServer(const XMPP::Jid &j, bool direct_tls, bool force_ssl,
const QString &host, int port, QString proxy, QString *pass = nullptr);
void close();
XMPP::Client *client();
3 changes: 1 addition & 2 deletions src/profiles.h
Expand Up @@ -60,11 +60,10 @@ class UserAccount {
opt_reconn, opt_ignoreSSLWarnings, opt_useProxyForUpload, opt_compress, opt_sm;

bool req_mutual_auth;
bool legacy_ssl_probe;
bool opt_automatic_resource, priority_dep_on_status, ignore_global_actions;
XMPP::ClientStream::AllowPlainType allow_plain;
int security_level;
enum SSLFlag { SSL_No = 0, SSL_Yes = 1, SSL_Auto = 2, SSL_Legacy = 3 } ssl;
enum SSLFlag { TLS_No = 0, TLS_Yes = 1, TLS_Auto = 2, Direct_TLS = 3 } ssl;

QString proxyID;

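Review bot: `Direct_TLS` breaks the `TLS_No`/`TLS_Yes`/`TLS_Auto` prefix pattern introduced on the same line, so it reads as a different kind of value and will not show up in a `TLS_` grep; `TLS_Direct` keeps the set consistent. The enumerators also carry no documentation although their meaning is only discoverable from psiaccount.cpp, where `TLS_Auto`/`TLS_Yes` drive `setOptTlsSrv` and `Direct_TLS` drives `setOptSSL` under a manual host. A one-line comment per value would help, e.g. `TLS_Yes = 1, // TLS mandatory on the stream` and `Direct_TLS = 3 // TLS socket from the start; only with manual host/port`. The enum is still named `SSLFlag` and the member `ssl`, which leaves the commit's ssl→tls goal half done — presumably to keep the `.ssl` option key stable, which is worth stating in the commit message.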
23 changes: 10 additions & 13 deletions src/psi_profiles.cpp
Expand Up @@ -65,9 +65,8 @@ void UserAccount::reset()
customAuth = false;
storeSaltedHashedPassword = false;
req_mutual_auth = false;
legacy_ssl_probe = false;
security_level = QCA::SL_None;
ssl = SSL_Auto;
ssl = TLS_Auto;
jid = "";
pass = "";
scramSaltedHashPassword = "";
Expand Down Expand Up @@ -137,7 +136,6 @@ void UserAccount::fromOptions(OptionsTree *o, QString base)
opt_useProxyForUpload = o->getOption(base + ".use-proxy-for-upload", true).toBool();
opt_compress = o->getOption(base + ".compress").toBool();
req_mutual_auth = o->getOption(base + ".require-mutual-auth").toBool();
legacy_ssl_probe = o->getOption(base + ".legacy-ssl-probe").toBool();
opt_automatic_resource = o->getOption(base + ".automatic-resource").toBool();
priority_dep_on_status = o->getOption(base + ".priority-depends-on-status", false).toBool();
ignore_global_actions = o->getOption(base + ".ignore-global-actions").toBool();
Expand Down Expand Up @@ -179,15 +177,15 @@ void UserAccount::fromOptions(OptionsTree *o, QString base)

tmp = o->getOption(base + ".ssl").toString();
if (tmp == "no") {
ssl = SSL_No;
ssl = TLS_No;
} else if (tmp == "yes") {
ssl = SSL_Yes;
ssl = TLS_Yes;
} else if (tmp == "auto") {
ssl = SSL_Auto;
ssl = TLS_Auto;
} else if (tmp == "legacy") {
ssl = SSL_Legacy;
ssl = Direct_TLS;
} else {
ssl = SSL_Yes;
ssl = TLS_Yes;
}

host = o->getOption(base + ".host").toString();
Expand Down Expand Up @@ -296,7 +294,6 @@ void UserAccount::toOptions(OptionsTree *o, QString base)
o->setOption(base + ".use-proxy-for-upload", opt_useProxyForUpload);
o->setOption(base + ".compress", opt_compress);
o->setOption(base + ".require-mutual-auth", req_mutual_auth);
o->setOption(base + ".legacy-ssl-probe", legacy_ssl_probe);
o->setOption(base + ".automatic-resource", opt_automatic_resource);
o->setOption(base + ".priority-depends-on-status", priority_dep_on_status);
o->setOption(base + ".ignore-global-actions", ignore_global_actions);
Expand Down Expand Up @@ -331,16 +328,16 @@ void UserAccount::toOptions(OptionsTree *o, QString base)
o->setOption(base + ".use-host", opt_host);
o->setOption(base + ".security-level", security_level);
switch (ssl) {
case SSL_No:
case TLS_No:
o->setOption(base + ".ssl", "no");
break;
case SSL_Yes:
case TLS_Yes:
o->setOption(base + ".ssl", "yes");
break;
case SSL_Auto:
case TLS_Auto:
o->setOption(base + ".ssl", "auto");
break;
case SSL_Legacy:
case Direct_TLS:
o->setOption(base + ".ssl", "legacy");
break;
default:
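Review bot: `toOptions` still writes `"legacy"` for `Direct_TLS` and `fromOptions` still maps `"legacy"` back to it, which is the right call for keeping existing profiles loadable, but nothing in the code says so; the next ssl→tls pass is likely to "fix" the token to something like `"direct"` and thereby reset every stored Direct-TLS account to the `else` default. Add a comment at both sites, e.g. `// "legacy" is the persisted name of Direct_TLS; renaming it needs a profile migration`. The two defaults also disagree: `reset()` sets `ssl = TLS_Auto;` while an unrecognised `.ssl` token yields `TLS_Yes` — the stricter one is arguably right, but the difference deserves a comment. `fromOptions` and `toOptions` both extend beyond the visible hunks (the switch's `default:` case is cut off).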
28 changes: 5 additions & 23 deletions src/psiaccount.cpp
Expand Up @@ -1609,7 +1609,7 @@ void PsiAccount::login()

const bool tlsSupported = QCA::isSupported("tls");
const bool keyStoreManagerAvailable = !QCA::KeyStoreManager().isBusy();
if (d->acc.ssl == UserAccount::SSL_Yes || d->acc.ssl == UserAccount::SSL_Legacy) {
if (d->acc.ssl == UserAccount::TLS_Yes || d->acc.ssl == UserAccount::Direct_TLS) {
if (!tlsSupported) {
QString title;
if (d->psi->contactList()->enabledAccounts().count() > 1) {
Expand Down Expand Up @@ -1642,24 +1642,6 @@ void PsiAccount::login()
#endif
updateClientVersionInfo();

if (d->acc.legacy_ssl_probe) {
// disable the feature and display a notice
d->acc.legacy_ssl_probe = false;
emit updatedAccount();

QString title;
if (d->psi->contactList()->enabledAccounts().count() > 1) {
title = QString("%1: ").arg(name());
}
title += tr("Feature Removed");
QString message = tr("This account was configured to use the \"Probe legacy SSL port\" feature, but this "
"feature is no longer supported. Unless your XMPP server is very outdated, this change "
"should not affect you. If you have trouble connecting, please review your account "
"settings for correctness or contact your XMPP server administrator.");

psi()->alertManager()->raiseMessageBox(AlertManager::ConnectionError, QMessageBox::Information, title, message);
}

d->jid = d->nextJid;

v_isActive = true;
Expand All @@ -1686,18 +1668,18 @@ void PsiAccount::login()

// stream
d->conn = new AdvancedConnector;
if (d->acc.ssl != UserAccount::SSL_No && tlsSupported && keyStoreManagerAvailable) {
if (d->acc.ssl != UserAccount::TLS_No && tlsSupported && keyStoreManagerAvailable) {
d->tls = new QCA::TLS;
d->tls->setTrustedCertificates(CertificateHelpers::allCertificates(ApplicationInfo::getCertificateStoreDirs()));
d->tlsHandler = new QCATLSHandler(d->tls);
d->tlsHandler->setXMPPCertCheck(true);
connect(d->tlsHandler, &QCATLSHandler::tlsHandshaken, this, &PsiAccount::tls_handshaken);
}
d->conn->setProxy(p);
d->conn->setOptTlsSrv(d->acc.ssl == UserAccount::SSL_Auto || d->acc.ssl == UserAccount::SSL_Yes);
d->conn->setOptTlsSrv(d->acc.ssl == UserAccount::TLS_Auto || d->acc.ssl == UserAccount::TLS_Yes);
if (useHost) {
d->conn->setOptHostPort(host, quint16(port));
d->conn->setOptSSL(d->acc.ssl == UserAccount::SSL_Legacy);
d->conn->setOptSSL(d->acc.ssl == UserAccount::Direct_TLS);
}

d->stream = new ClientStream(d->conn, d->tlsHandler);
Expand Down Expand Up @@ -2018,7 +2000,7 @@ void PsiAccount::cs_warning(int w)
if (w == ClientStream::WarnSMReconnection)
return;

bool showNoTlsWarning = w == ClientStream::WarnNoTLS && d->acc.ssl == UserAccount::SSL_Yes;
bool showNoTlsWarning = w == ClientStream::WarnNoTLS && d->acc.ssl == UserAccount::TLS_Yes;
bool doCleanupStream = !d->stream || showNoTlsWarning;

if (doCleanupStream) {
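Review bot: In `cs_warning`, `showNoTlsWarning` is only set for `TLS_Yes`, so a `Direct_TLS` account that ends up on a non-TLS stream is let through with a warning instead of being torn down. That path is reachable from the `login()` hunk above: `setOptTlsSrv` is false for `Direct_TLS` and `setOptSSL(d->acc.ssl == UserAccount::Direct_TLS)` only runs inside `if (useHost)`, so a stored profile with `ssl="legacy"` and `use-host=false` gets neither option and connects plain. I would treat both modes as mandatory, `bool showNoTlsWarning = w == ClientStream::WarnNoTLS && (d->acc.ssl == UserAccount::TLS_Yes || d->acc.ssl == UserAccount::Direct_TLS);`, and in `login()` refuse to connect a `Direct_TLS` account without a manual host rather than silently downgrading. Both `login()` and `cs_warning` extend beyond the visible hunks.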
13 changes: 6 additions & 7 deletions src/psicon.cpp
Expand Up @@ -105,7 +105,6 @@
#ifdef WEBKIT
#include "avatars.h"
#include "chatviewthemeprovider.h"
#include "webview.h"
#endif
#ifdef HAVE_SPARKLE
#include "AutoUpdater/SparkleAutoUpdater.h"
Expand Down Expand Up @@ -1036,11 +1035,11 @@ AccountsComboBox *PsiCon::accountsComboBox(QWidget *parent, bool online_only)
}

PsiAccount *PsiCon::createAccount(const QString &name, const Jid &j, const QString &pass, bool opt_host,
const QString &host, int port, bool legacy_ssl_probe, UserAccount::SSLFlag ssl,
QString proxy, const QString &tlsOverrideDomain, const QByteArray &tlsOverrideCert)
const QString &host, int port, UserAccount::SSLFlag ssl, QString proxy,
const QString &tlsOverrideDomain, const QByteArray &tlsOverrideCert)
{
return d->contactList->createAccount(name, j, pass, opt_host, host, port, legacy_ssl_probe, ssl, proxy,
tlsOverrideDomain, tlsOverrideCert);
return d->contactList->createAccount(name, j, pass, opt_host, host, port, ssl, proxy, tlsOverrideDomain,
tlsOverrideCert);
}

PsiAccount *PsiCon::createAccount(const UserAccount &_acc)
Expand Down Expand Up @@ -1920,8 +1919,8 @@ void PsiCon::promptUserToCreateAccount()
AccountRegDlg w(this);
int n = w.exec();
if (n == QDialog::Accepted) {
contactList()->createAccount(w.jid().node(), w.jid(), w.pass(), w.useHost(), w.host(), w.port(), false,
w.ssl(), w.proxy(), w.tlsOverrideDomain(), w.tlsOverrideCert());
contactList()->createAccount(w.jid().node(), w.jid(), w.pass(), w.useHost(), w.host(), w.port(), w.ssl(),
w.proxy(), w.tlsOverrideDomain(), w.tlsOverrideCert());
}
}
}
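Review bot: The removal of `#include "webview.h"` under `#ifdef WEBKIT` is unrelated to the commit's stated purpose (dropping the probe mode and renaming ssl→tls) and is not mentioned in the message; it is also the only part of the change that touches a build configuration the rest of the commit does not exercise, so a reviewer cannot tell from this page whether the WEBKIT build was compiled afterwards. Either split it into its own commit or add a line to the message saying the include was unused. The `createAccount` signature change itself is safe against silent argument shifting: dropping the `bool legacy_ssl_probe` parameter cannot let a stale `false` land in the `SSLFlag` slot, since an enum is not implicitly constructible from `bool`.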
4 changes: 2 additions & 2 deletions src/psicon.h
Expand Up @@ -96,8 +96,8 @@ class PsiCon : public QObject {
ContactUpdatesManager *contactUpdatesManager() const;

PsiAccount *createAccount(const QString &name, const Jid &j = "", const QString &pass = "", bool opt_host = false,
const QString &host = "", int port = 5222, bool legacy_ssl_probe = false,
UserAccount::SSLFlag ssl = UserAccount::SSL_Auto, QString proxy = "",
const QString &host = "", int port = 5222,
UserAccount::SSLFlag ssl = UserAccount::TLS_Auto, QString proxy = "",
const QString &tlsOverrideDomain = "", const QByteArray &tlsOverrideCert = QByteArray());
PsiAccount *createAccount(const UserAccount &);
// void createAccount(const QString &, const QString &host="", int port=5222, bool ssl=false, const QString