warn before connecting without PyOpenSSL. fixes #4065

src/common/config.py

@@ -277,7 +277,8 @@ class Config:
 			'gpg_sign_presence': [ opt_bool, True, _('If disabled, don\'t sign presences with GPG key, even if GPG is configured.') ],
 			'keyname': [ opt_str, '', '', True ],
 			'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')],
-			'warn_when_insecure_connection': [ opt_bool, True, _('Show a warning dialog before sending password on an insecure connection.') ],
+			'warn_when_plaintext_connection': [ opt_bool, True, _('Show a warning dialog before sending password on an plaintext connection.') ],
+			'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ],
 			'ssl_fingerprint_sha1': [ opt_str, '', '', True ],
 			'ignore_ssl_errors': [ opt_str, '', _('Space separated list of ssl errors to ignore.') ],
 			'use_srv': [ opt_bool, True, '', True ],

src/common/connection.py

@@ -614,9 +614,15 @@ class Connection(ConnectionHandlers):
 			self.connect_to_next_type()
 			return
 		if _con_type == 'plain' and gajim.config.get_per('accounts', self.name,
-		'warn_when_insecure_connection'):
+		'warn_when_plaintext_connection'):
 			self.dispatch('PLAIN_CONNECTION', (con,))
 			return True
+		if _con_type in ('tls', 'ssl') and not hasattr(con.Connection,
+		'_sslcontext') and gajim.config.get_per('accounts', self.name,
+		'warn_when_insecure_ssl_connection'):
+			# Pyopenssl is not used
+			self.dispatch('INSECURE_SSL_CONNECTION', (con, _con_type))
+			return True
 		return self.connection_accepted(con, con_type)
 
 	def connection_accepted(self, con, con_type):

src/config.py

@@ -1566,10 +1566,10 @@ class AccountsWindow:
 			use_env_http_proxy)
 		self.xml.get_widget('proxy_hbox1').set_sensitive(not use_env_http_proxy)
 
-		warn_when_insecure = gajim.config.get_per('accounts', account,
-			'warn_when_insecure_connection')
+		warn_when_insecure_ssl = gajim.config.get_per('accounts', account,
+			'warn_when_insecure_ssl_connection')
 		self.xml.get_widget('warn_when_insecure_connection_checkbutton1').\
-			set_active(warn_when_insecure)
+			set_active(warn_when_insecure_ssl)
 
 		self.xml.get_widget('send_keepalive_checkbutton1').set_active(
 			gajim.config.get_per('accounts', account, 'keep_alives_enabled'))
@@ -1939,7 +1939,7 @@ class AccountsWindow:
 		if self.ignore_events:
 			return
 
-		self.on_checkbutton_toggled(widget, 'warn_when_insecure_connection',
+		self.on_checkbutton_toggled(widget, 'warn_when_insecure_ssl_connection',
 			account=self.current_account)
 
 	def on_send_keepalive_checkbutton1_toggled(self, widget):

src/gajim.py

@@ -1933,20 +1933,48 @@ class Interface:
 	def handle_event_plain_connection(self, account, data):
 		# ('PLAIN_CONNECTION', account, (connection))
 		server = gajim.config.get_per('accounts', account, 'hostname')
-		def on_yes(is_checked):
-			if is_checked:
+		def on_ok(is_checked):
+			if not is_checked[0]:
+				on_cancel()
+				return
+			if is_checked[1]:
 				gajim.config.set_per('accounts', account,
-					'warn_when_insecure_connection', False)
+					'warn_when_plaintext_connection', False)
 			gajim.connections[account].connection_accepted(data[0], 'tcp')
-		def on_no():
+		def on_cancel():
+			gajim.connections[account].disconnect(on_purpose=True)
+			self.handle_event_status(account, 'offline')
+		pritext = _('Insecure connection')
+		sectext = _('You are about to send your password on an unencrypted '
+			'connection. Are you sure you want to do that?')
+		checktext1 = _('Yes, I really want to connect insecurely')
+		checktext2 = _('Do _not ask me again')
+		dialog = dialogs.ConfirmationDialogDubbleCheck(pritext, sectext,
+			checktext1, checktext2, on_response_ok=on_ok,
+			on_response_cancel=on_cancel, is_modal=False)
+
+	def handle_event_insecure_ssl_connection(self, account, data):
+		# ('INSECURE_SSL_CONNECTION', account, (connection, connection_type))
+		server = gajim.config.get_per('accounts', account, 'hostname')
+		def on_ok(is_checked):
+			if not is_checked[0]:
+				on_cancel()
+				return
+			if is_checked[1]:
+				gajim.config.set_per('accounts', account,
+					'warn_when_insecure_ssl_connection', False)
+			gajim.connections[account].connection_accepted(data[0], data[1])
+		def on_cancel():
 			gajim.connections[account].disconnect(on_purpose=True)
 			self.handle_event_status(account, 'offline')
 		pritext = _('Insecure connection')
 		sectext = _('You are about to send your password on an insecure '
-			'connection. Are you sure you want to do that?')
-		checktext = _('Do _not ask me again')
-		dialog = dialogs.YesNoDialog(pritext, sectext, checktext,
-			on_response_yes=on_yes, on_response_no=on_no)
+			'connection. You should install PyOpenSSL to prevent that. Are you sure you want to do that?')
+		checktext1 = _('Yes, I really want to connect insecurely')
+		checktext2 = _('Do _not ask me again')
+		dialog = dialogs.ConfirmationDialogDubbleCheck(pritext, sectext,
+			checktext1, checktext2, on_response_ok=on_ok,
+			on_response_cancel=on_cancel, is_modal=False)
 
 	def handle_event_pubsub_node_removed(self, account, data):
 		# ('PUBSUB_NODE_REMOVED', account, (jid, node))
@@ -2037,6 +2065,7 @@ class Interface:
 			'SSL_ERROR': self.handle_event_ssl_error,
 			'FINGERPRINT_ERROR': self.handle_event_fingerprint_error,
 			'PLAIN_CONNECTION': self.handle_event_plain_connection,
+			'INSECURE_SSL_CONNECTION': self.handle_event_insecure_ssl_connection,
 			'PUBSUB_NODE_REMOVED': self.handle_event_pubsub_node_removed,
 			'PUBSUB_NODE_NOT_REMOVED': self.handle_event_pubsub_node_not_removed,
 		}