Add insecure option to forbid connection without TLS

(Thanks to Stevie)
Mickael Remond 2017-10-21 14:49:25 +02:00
parent 683085125c
commit d5221f1a11
No known key found for this signature in database
GPG key ID: E6F6045D79965AA3
3 changed files with 28 additions and 1 deletions


@ -23,7 +23,7 @@ func TestClient_Connect(t *testing.T) {
mock.Start(t, testXMPPAddress, handlerConnectSuccess) mock.Start(t, testXMPPAddress, handlerConnectSuccess)
// Test / Check result // Test / Check result
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"} options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test", Insecure: true}
var client *Client var client *Client
var err error var err error
@ -38,6 +38,28 @@ func TestClient_Connect(t *testing.T) {
mock.Stop() mock.Stop()
} }
func TestClient_NoInsecure(t *testing.T) {
// Setup Mock server
mock := ServerMock{}
mock.Start(t, testXMPPAddress, handlerConnectSuccess)
// Test / Check result
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
var client *Client
var err error
if client, err = NewClient(options); err != nil {
t.Errorf("cannot create XMPP client: %s", err)
}
if _, err = client.Connect(); err == nil {
// When insecure is not allowed:
t.Errorf("should fail as insecure connection is not allowed and server does not support TLS")
}
mock.Stop()
}
//============================================================================= //=============================================================================
// Basic XMPP Server Mock Handlers. // Basic XMPP Server Mock Handlers.
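Review bot: TestClient_NoInsecure accepts any error from `client.Connect()`, so it does not show that the refusal came from the missing-TLS check; a mock that never started or a failed login would pass it as well. Assert on the specific error the session code returns for the no-TLS case, ideally an exported sentinel rather than a message string. The `NewClient` failure path uses `t.Errorf`, after which `client.Connect()` still runs on a client that may be nil; `t.Fatalf("cannot create XMPP client: %s", err)` stops the test there. A `defer mock.Stop()` placed right after `mock.Start(...)` would also stop the mock on every exit path.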


@ -11,4 +11,5 @@ type Options struct {
Lang string // TODO: should default to 'en' Lang string // TODO: should default to 'en'
Retry int // Number of retries for connect Retry int // Number of retries for connect
ConnectTimeout int // Connection timeout in seconds. Default to 15 ConnectTimeout int // Connection timeout in seconds. Default to 15
Insecure bool // set to true to allow comms without TLS
} }
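Review bot: The comment on `Insecure` does not say what is exposed when the flag is set, and the name can be misread as "skip certificate verification". Judging from the session change in this commit, setting it lets the session go on to authentication over a plaintext connection, so the comment should state that, e.g. `Insecure bool // Allow the session (including auth) to proceed when TLS was not negotiated. Default false: connecting fails without TLS.` Because the zero value now rejects servers that do not offer TLS, callers that relied on the old plaintext fallback will start failing, which deserves a line in the release notes.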


@ -42,6 +42,10 @@ func NewSession(conn net.Conn, o Options) (net.Conn, *Session, error) {
s.reset(conn, tlsConn, o) s.reset(conn, tlsConn, o)
} }
if !s.TlsEnabled && !o.Insecure {
return nil, nil, errors.New("failed to negotiate TLS")
}
// auth // auth
s.auth(o) s.auth(o)
s.reset(tlsConn, tlsConn, o) s.reset(tlsConn, tlsConn, o)
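Review bot: The new guard returns an anonymous `errors.New("failed to negotiate TLS")`, so callers and the new test cannot tell a refused plaintext downgrade from any other connection failure. A package-level sentinel, for example `var ErrTLSRequired = errors.New("TLS not negotiated and Insecure not set")`, returned from this branch would let them compare against it. The early return also hands back a nil connection; if the caller closes only the connection it gets back, `conn` stays open on this path, which should be confirmed in the caller. When `o.Insecure` is true the fallback to plaintext is silent, and a log line before `s.auth(o)` would let operators notice a server that stopped offering TLS. NewSession begins and ends outside this hunk.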