[telepathy-gabble/master] ¬ require-encryption ⇒ ignore-ssl-errors

Will Thompson will.thompson at collabora.co.uk
Tue Jan 12 09:11:24 PST 2010


In Gabble 0.8, setting require-encryption to False implicitly set
ignore-ssl-errors to True, on the basis that if you're only using TLS
opportunistically, you don't care about most certificate errors (except
maybe revocation). There are only three combinations of these two
settings:

 • Don't care about encryption
 • Give me SSL but I don't care about certs
 • Tin-foil hat

Previously in 0.9, the two parameters were just passed as-is to Wocky,
which does not behave as described above. This patch makes Gabble
explicitly state this logic.

Reviewed-by: Sjoerd Simons <sjoerd.simons at collabora.co.uk>
---
 src/connection.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/connection.c b/src/connection.c
index 42d0acc..ecc411e 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -1834,6 +1834,12 @@ _gabble_connection_connect (TpBaseConnection *base,
       DEBUG ("letting SRV lookup decide server and port");
     }
 
+  if (!conn->priv->require_encryption && !conn->priv->ignore_ssl_errors)
+    {
+      DEBUG ("require-encryption is False; flipping ignore_ssl_errors to True");
+      conn->priv->ignore_ssl_errors = TRUE;
+    }
+
   g_object_set (priv->connector,
       "ignore-ssl-errors", priv->ignore_ssl_errors,
       "old-ssl", priv->old_ssl,
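Review bot: the assignment `conn->priv->ignore_ssl_errors = TRUE;` in the new block overwrites the stored parameter instead of deriving an effective value. After connecting, the object no longer holds what the user configured, and an explicit ignore-ssl-errors=False is discarded with only a DEBUG line to show for it. Consider computing a local gboolean (TRUE when ignore_ssl_errors is set or require_encryption is unset) and passing that to g_object_set, leaving the stored value untouched. The new block also reaches through `conn->priv->` while the unchanged g_object_set call just below uses `priv->`; use `priv` here for consistency. Since certificate errors end up ignored whenever require-encryption is False, that coupling deserves a comment at this spot and a mention in the parameter documentation, not only in the commit message.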
-- 
1.5.6.5


