Add insecure option to forbid connection without TLS
(Thanks to Stevie)
parent
683085125c
commit
d5221f1a11
|
@ -23,7 +23,7 @@ func TestClient_Connect(t *testing.T) {
|
|||
mock.Start(t, testXMPPAddress, handlerConnectSuccess)
|
||||
|
||||
// Test / Check result
|
||||
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
|
||||
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test", Insecure: true}
|
||||
|
||||
var client *Client
|
||||
var err error
|
||||
|
@ -38,6 +38,28 @@ func TestClient_Connect(t *testing.T) {
|
|||
mock.Stop()
|
||||
}
|
||||
|
||||
func TestClient_NoInsecure(t *testing.T) {
|
||||
// Setup Mock server
|
||||
mock := ServerMock{}
|
||||
mock.Start(t, testXMPPAddress, handlerConnectSuccess)
|
||||
|
||||
// Test / Check result
|
||||
options := Options{Address: testXMPPAddress, Jid: "test@localhost", Password: "test"}
|
||||
|
||||
var client *Client
|
||||
var err error
|
||||
if client, err = NewClient(options); err != nil {
|
||||
t.Errorf("cannot create XMPP client: %s", err)
|
||||
}
|
||||
|
||||
if _, err = client.Connect(); err == nil {
|
||||
// When insecure is not allowed:
|
||||
t.Errorf("should fail as insecure connection is not allowed and server does not support TLS")
|
||||
}
|
||||
|
||||
mock.Stop()
|
||||
}
|
||||
|
||||
//=============================================================================
|
||||
// Basic XMPP Server Mock Handlers.
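Review bot: TestClient_NoInsecure accepts any non-nil error from `client.Connect()`, so it does not show that the new TLS guard is what rejected the connection; a failed dial or a mock that did not start would make it pass just as well. Asserting on the specific failure would pin the behaviour, for example by checking that the error message contains `failed to negotiate TLS`, assuming Connect propagates that error unchanged. Separately, the `NewClient` failure branch uses `t.Errorf`, so the test carries on and calls `client.Connect()` on what is presumably a nil client; `t.Fatalf("cannot create XMPP client: %s", err)` stops there instead. A `defer mock.Stop()` placed right after `mock.Start(...)` would also stop the mock on every exit path.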
|
||||
|
||||
|
|
|
@ -11,4 +11,5 @@ type Options struct {
|
|||
Lang string // TODO: should default to 'en'
|
||||
Retry int // Number of retries for connect
|
||||
ConnectTimeout int // Connection timeout in seconds. Default to 15
|
||||
Insecure bool // set to true to allow comms without TLS
|
||||
}
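Review bot: The comment on `Insecure` does not say what the default does or what is at stake when the field is set. Going by the session hunk in this commit, leaving it false makes session setup fail when TLS is not enabled, while setting it true lets `s.auth(o)` run on the unencrypted connection, so the `Password` from `Options` would presumably be sent without transport protection. I would spell that out, e.g. `// Insecure allows the session to continue when TLS was not negotiated; default false rejects such connections. When true, authentication happens without TLS.` The name can also be read as "skip certificate verification" by analogy with `tls.Config.InsecureSkipVerify`, so the comment should state that it covers unencrypted connections only.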
|
||||
|
|
|
@ -42,6 +42,10 @@ func NewSession(conn net.Conn, o Options) (net.Conn, *Session, error) {
|
|||
s.reset(conn, tlsConn, o)
|
||||
}
|
||||
|
||||
if !s.TlsEnabled && !o.Insecure {
|
||||
return nil, nil, errors.New("failed to negotiate TLS")
|
||||
}
|
||||
|
||||
// auth
|
||||
s.auth(o)
|
||||
s.reset(tlsConn, tlsConn, o)
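Review bot: The guard `if !s.TlsEnabled && !o.Insecure` returns an anonymous `errors.New("failed to negotiate TLS")`, which callers can only tell apart from other setup failures by matching the string. Since this error signals a refused plaintext session, a package-level sentinel such as `var ErrTLSNotNegotiated = errors.New("xmpp: TLS not negotiated and Insecure not set")` returned here would let callers use `errors.Is`. That matters because `Options` has a `Retry` count, and a policy refusal should not be handled like a transient connect error. As far as this hunk shows, the early return also leaves `conn` open; whether the caller closes it is outside the hunk, as is the rest of NewSession, so that is worth confirming.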
|
||||
|
|