Add insecure option to forbid connection without TLS
(Thanks to Stevie)
parent
683085125c
commit
d5221f1a11
|
@ -23,7 +23,7 @@ func TestClient_Connect(t *testing.T) {
|
||||||
mock.Start(t, testXMPPAddress, handlerConnectSuccess)
|
mock.Start(t, testXMPPAddress, handlerConnectSuccess)
|
||||||
|
|
||||||
// Test / Check result
|
// Test / Check result
|
||||||
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
|
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test", Insecure: true}
|
||||||
|
|
||||||
var client *Client
|
var client *Client
|
||||||
var err error
|
var err error
|
||||||
|
@ -38,6 +38,28 @@ func TestClient_Connect(t *testing.T) {
|
||||||
mock.Stop()
|
mock.Stop()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestClient_NoInsecure(t *testing.T) {
|
||||||
|
// Setup Mock server
|
||||||
|
mock := ServerMock{}
|
||||||
|
mock.Start(t, testXMPPAddress, handlerConnectSuccess)
|
||||||
|
|
||||||
|
// Test / Check result
|
||||||
|
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
|
||||||
|
|
||||||
|
var client *Client
|
||||||
|
var err error
|
||||||
|
if client, err = NewClient(options); err != nil {
|
||||||
|
t.Errorf("cannot create XMPP client: %s", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if _, err = client.Connect(); err == nil {
|
||||||
|
// When insecure is not allowed:
|
||||||
|
t.Errorf("should fail as insecure connection is not allowed and server does not support TLS")
|
||||||
|
}
|
||||||
|
|
||||||
|
mock.Stop()
|
||||||
|
}
|
||||||
|
|
||||||
//=============================================================================
|
//=============================================================================
|
||||||
// Basic XMPP Server Mock Handlers.
|
// Basic XMPP Server Mock Handlers.
|
||||||
|
|
||||||
|
|
|
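Review bot: TestClient_NoInsecure only asserts that `client.Connect()` returns some error, so it would still pass if the TLS enforcement were removed and the connect failed for an unrelated reason, such as the mock not listening. Asserting on the cause would pin the behaviour, for example `if err == nil || !strings.Contains(err.Error(), "failed to negotiate TLS") { t.Errorf("expected TLS negotiation failure, got: %v", err) }`, assuming Connect passes the session error through unchanged. The `NewClient` failure branch should also use `t.Fatalf` rather than `t.Errorf`, because `client` is nil on that path and the following `client.Connect()` would presumably panic. Writing `defer mock.Stop()` right after `mock.Start` would keep the listener from leaking if the test exits early.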
@ -11,4 +11,5 @@ type Options struct {
|
||||||
Lang string // TODO: should default to 'en'
|
Lang string // TODO: should default to 'en'
|
||||||
Retry int // Number of retries for connect
|
Retry int // Number of retries for connect
|
||||||
ConnectTimeout int // Connection timeout in seconds. Default to 15
|
ConnectTimeout int // Connection timeout in seconds. Default to 15
|
||||||
|
Insecure bool // set to true to allow comms without TLS
|
||||||
}
|
}
|
||||||
|
|
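Review bot: The comment on `Insecure` does not say that the zero value now makes TLS mandatory, which is a behaviour change for existing callers that build `Options` without the field and talk to servers lacking STARTTLS. I would expand it to something like `// Insecure permits the session to continue when TLS was not negotiated; authentication then happens over an unencrypted stream. Default false: Connect fails without TLS.` It is also worth stating that the flag only concerns the absence of TLS, not certificate verification, since "insecure" is commonly read as skip-verify. The struct starts outside this hunk.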
|
@ -42,6 +42,10 @@ func NewSession(conn net.Conn, o Options) (net.Conn, *Session, error) {
|
||||||
s.reset(conn, tlsConn, o)
|
s.reset(conn, tlsConn, o)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if !s.TlsEnabled && !o.Insecure {
|
||||||
|
return nil, nil, errors.New("failed to negotiate TLS")
|
||||||
|
}
|
||||||
|
|
||||||
// auth
|
// auth
|
||||||
s.auth(o)
|
s.auth(o)
|
||||||
s.reset(tlsConn, tlsConn, o)
|
s.reset(tlsConn, tlsConn, o)
|
||||||
|
|
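Review bot: The new early return in NewSession hands back `nil, nil, err` without closing `conn`, so unless the caller closes it the socket to a server that did not negotiate TLS stays open; confirm the caller does so, or close it before returning. The error is an anonymous `errors.New` value, so callers and tests cannot tell a refused cleartext downgrade from other connect failures. A package-level sentinel such as `var ErrTLSRequired = errors.New("TLS not negotiated and Insecure not set")`, returned here, would allow `errors.Is` checks and would also drop the "failed to" prefix that Go error strings conventionally avoid. Placing the check ahead of `s.auth(o)` is the right order, as it presumably keeps credentials off a cleartext stream. NewSession begins and ends outside the hunk.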