[Bug 38719] New: Enable require-encryption by default

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Mon Jun 27 18:34:26 CEST 2011


https://bugs.freedesktop.org/show_bug.cgi?id=38719

           Summary: Enable require-encryption by default
           Product: Telepathy
           Version: git master
          Platform: Other
               URL: http://cgit.collabora.com/git/user/wjt/telepathy-gabble-wjt.git/log/?h=encryption
        OS/Version: All
            Status: NEW
          Keywords: patch
          Severity: normal
          Priority: medium
         Component: gabble
        AssignedTo: telepathy-bugs at lists.freedesktop.org
        ReportedBy: will.thompson at collabora.co.uk
         QAContact: telepathy-bugs at lists.freedesktop.org


It's 2011, every XMPP server worth its salt supports starttls, and we have
interactive certificate verification. I think it's time for Gabble to enable
require-encryption by default.

How does this change its behaviour? With require-encryption = False, it would
<starttls/> if at all possible; if the certificate was untrusted, and the
ServerTLSChannel is Close()d (because there's no handler), then Gabble would
allow the connection to continue anyway, because the <starttls/> was
opportunistic. With require-encryption = True and ignore-ssl-errors = False
(the default), this will make the connection attempt fail.

I propose making this change in the unstable branch, because it'll break people
if we put it in the stable branch.

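The behaviour change described in the report above, sketched as an added example that is not part of the original report and is not Gabble's code: it reads a `<stream:features/>` element, checks for the RFC 6120 `<starttls/>` advertisement, and applies the two settings for the case where nothing handles the ServerTLSChannel. The function names, outcome labels and sample stanzas are constructed here; the handling of a server that advertises no `<starttls/>` and of `ignore-ssl-errors = True` are assumptions.

```python
import xml.etree.ElementTree as ET

NS_STREAMS = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS namespace, RFC 6120

# Constructed <stream:features/> samples, not captured traffic.
FEATURES_WITH_TLS = (f"<stream:features xmlns:stream='{NS_STREAMS}'>"
                     f"<starttls xmlns='{NS_TLS}'/></stream:features>")
FEATURES_NO_TLS = f"<stream:features xmlns:stream='{NS_STREAMS}'/>"


def offers_starttls(features_xml):
    """True if the server's stream features advertise <starttls/>."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAMS}}}features":
        raise ValueError("not a <stream:features/> element")
    return root.find(f"{{{NS_TLS}}}starttls") is not None


def connection_outcome(features_xml, cert_trusted, require_encryption,
                       ignore_ssl_errors=False):
    """Model of the two settings when nothing handles the ServerTLSChannel,
    so an untrusted certificate is never approved interactively."""
    if not offers_starttls(features_xml):
        # Assumption: opportunistic mode carries on without TLS.
        return "fail" if require_encryption else "continue-plaintext"
    if cert_trusted:
        return "continue-tls"
    if ignore_ssl_errors:
        # Assumption: certificate errors are ignored in either mode.
        return "continue-unverified"
    # From the report: opportunistic mode continues anyway, strict mode fails.
    return "fail" if require_encryption else "continue-unverified"


def changed_by_new_default():
    """Scenarios whose outcome differs between the old and proposed default."""
    scenarios = {
        "trusted certificate": (FEATURES_WITH_TLS, True),
        "untrusted certificate, no handler": (FEATURES_WITH_TLS, False),
        "no <starttls/> advertised": (FEATURES_NO_TLS, False),
    }
    changed = {}
    for name, (xml, trusted) in scenarios.items():
        old = connection_outcome(xml, trusted, require_encryption=False)
        new = connection_outcome(xml, trusted, require_encryption=True)
        if old != new:
            changed[name] = (old, new)
    return changed
```

In this model, the scenarios returned by `changed_by_new_default()` are the ones that used to continue silently under the old default and fail under the proposed one.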