Add insecure option to forbid connection without TLS

(Thanks to Stevie)

xmpp/client_test.go

@@ -23,7 +23,7 @@ func TestClient_Connect(t *testing.T) {
 	mock.Start(t, testXMPPAddress, handlerConnectSuccess)
 
 	// Test / Check result
-	options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
+	options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test", Insecure: true}
 
 	var client *Client
 	var err error
@@ -38,6 +38,28 @@ func TestClient_Connect(t *testing.T) {
 	mock.Stop()
 }
 
+func TestClient_NoInsecure(t *testing.T) {
+	// Setup Mock server
+	mock := ServerMock{}
+	mock.Start(t, testXMPPAddress, handlerConnectSuccess)
+
+	// Test / Check result
+	options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
+
+	var client *Client
+	var err error
+	if client, err = NewClient(options); err != nil {
+		t.Errorf("cannot create XMPP client: %s", err)
+	}
+
+	if _, err = client.Connect(); err == nil {
+		// When insecure is not allowed:
+		t.Errorf("should fail as insecure connection is not allowed and server does not support TLS")
+	}
+
+	mock.Stop()
+}
+
 //=============================================================================
 // Basic XMPP Server Mock Handlers.
 

xmpp/options.go

@@ -11,4 +11,5 @@ type Options struct {
 	Lang           string   // TODO: should default to 'en'
 	Retry          int      // Number of retries for connect
 	ConnectTimeout int      // Connection timeout in seconds. Default to 15
+	Insecure       bool     // set to true to allow comms without TLS
 }

xmpp/session.go

@@ -42,6 +42,10 @@ func NewSession(conn net.Conn, o Options) (net.Conn, *Session, error) {
 		s.reset(conn, tlsConn, o)
 	}
 
+	if !s.TlsEnabled && !o.Insecure {
+		return nil, nil, errors.New("failed to negotiate TLS")
+	}
+
 	// auth
 	s.auth(o)
 	s.reset(tlsConn, tlsConn, o)