diff --git a/src/common/config.py b/src/common/config.py index 7816e616d..721acb180 100644 --- a/src/common/config.py +++ b/src/common/config.py @@ -277,7 +277,8 @@ class Config: 'gpg_sign_presence': [ opt_bool, True, _('If disabled, don\'t sign presences with GPG key, even if GPG is configured.') ], 'keyname': [ opt_str, '', '', True ], 'connection_types': [ opt_str, 'tls ssl plain', _('Ordered list (space separated) of connection type to try. Can contain tls, ssl or plain')], - 'warn_when_insecure_connection': [ opt_bool, True, _('Show a warning dialog before sending password on an insecure connection.') ], + 'warn_when_plaintext_connection': [ opt_bool, True, _('Show a warning dialog before sending password on an plaintext connection.') ], + 'warn_when_insecure_ssl_connection': [ opt_bool, True, _('Show a warning dialog before using standard SSL library.') ], 'ssl_fingerprint_sha1': [ opt_str, '', '', True ], 'ignore_ssl_errors': [ opt_str, '', _('Space separated list of ssl errors to ignore.') ], 'use_srv': [ opt_bool, True, '', True ], diff --git a/src/common/connection.py b/src/common/connection.py index 420944c9e..12779292a 100644 --- a/src/common/connection.py +++ b/src/common/connection.py @@ -614,9 +614,15 @@ class Connection(ConnectionHandlers): self.connect_to_next_type() return if _con_type == 'plain' and gajim.config.get_per('accounts', self.name, - 'warn_when_insecure_connection'): + 'warn_when_plaintext_connection'): self.dispatch('PLAIN_CONNECTION', (con,)) return True + if _con_type in ('tls', 'ssl') and not hasattr(con.Connection, + '_sslcontext') and gajim.config.get_per('accounts', self.name, + 'warn_when_insecure_ssl_connection'): + # Pyopenssl is not used + self.dispatch('INSECURE_SSL_CONNECTION', (con, _con_type)) + return True return self.connection_accepted(con, con_type) def connection_accepted(self, con, con_type): diff --git a/src/config.py b/src/config.py index 4e4c49161..6ee98ed04 100644 --- a/src/config.py +++ b/src/config.py @@ -1566,10 +1566,10 @@ class AccountsWindow: use_env_http_proxy) self.xml.get_widget('proxy_hbox1').set_sensitive(not use_env_http_proxy) - warn_when_insecure = gajim.config.get_per('accounts', account, - 'warn_when_insecure_connection') + warn_when_insecure_ssl = gajim.config.get_per('accounts', account, + 'warn_when_insecure_ssl_connection') self.xml.get_widget('warn_when_insecure_connection_checkbutton1').\ - set_active(warn_when_insecure) + set_active(warn_when_insecure_ssl) self.xml.get_widget('send_keepalive_checkbutton1').set_active( gajim.config.get_per('accounts', account, 'keep_alives_enabled')) @@ -1939,7 +1939,7 @@ class AccountsWindow: if self.ignore_events: return - self.on_checkbutton_toggled(widget, 'warn_when_insecure_connection', + self.on_checkbutton_toggled(widget, 'warn_when_insecure_ssl_connection', account=self.current_account) def on_send_keepalive_checkbutton1_toggled(self, widget): diff --git a/src/gajim.py b/src/gajim.py index a65bee6a7..48484c8c5 100755 --- a/src/gajim.py +++ b/src/gajim.py @@ -1933,20 +1933,48 @@ class Interface: def handle_event_plain_connection(self, account, data): # ('PLAIN_CONNECTION', account, (connection)) server = gajim.config.get_per('accounts', account, 'hostname') - def on_yes(is_checked): - if is_checked: + def on_ok(is_checked): + if not is_checked[0]: + on_cancel() + return + if is_checked[1]: gajim.config.set_per('accounts', account, - 'warn_when_insecure_connection', False) + 'warn_when_plaintext_connection', False) gajim.connections[account].connection_accepted(data[0], 'tcp') - def on_no(): + def on_cancel(): + gajim.connections[account].disconnect(on_purpose=True) + self.handle_event_status(account, 'offline') + pritext = _('Insecure connection') + sectext = _('You are about to send your password on an unencrypted ' + 'connection. Are you sure you want to do that?') + checktext1 = _('Yes, I really want to connect insecurely') + checktext2 = _('Do _not ask me again') + dialog = dialogs.ConfirmationDialogDubbleCheck(pritext, sectext, + checktext1, checktext2, on_response_ok=on_ok, + on_response_cancel=on_cancel, is_modal=False) + + def handle_event_insecure_ssl_connection(self, account, data): + # ('INSECURE_SSL_CONNECTION', account, (connection, connection_type)) + server = gajim.config.get_per('accounts', account, 'hostname') + def on_ok(is_checked): + if not is_checked[0]: + on_cancel() + return + if is_checked[1]: + gajim.config.set_per('accounts', account, + 'warn_when_insecure_ssl_connection', False) + gajim.connections[account].connection_accepted(data[0], data[1]) + def on_cancel(): gajim.connections[account].disconnect(on_purpose=True) self.handle_event_status(account, 'offline') pritext = _('Insecure connection') sectext = _('You are about to send your password on an insecure ' - 'connection. Are you sure you want to do that?') - checktext = _('Do _not ask me again') - dialog = dialogs.YesNoDialog(pritext, sectext, checktext, - on_response_yes=on_yes, on_response_no=on_no) + 'connection. You should install PyOpenSSL to prevent that. Are you sure you want to do that?') + checktext1 = _('Yes, I really want to connect insecurely') + checktext2 = _('Do _not ask me again') + dialog = dialogs.ConfirmationDialogDubbleCheck(pritext, sectext, + checktext1, checktext2, on_response_ok=on_ok, + on_response_cancel=on_cancel, is_modal=False) def handle_event_pubsub_node_removed(self, account, data): # ('PUBSUB_NODE_REMOVED', account, (jid, node)) @@ -2037,6 +2065,7 @@ class Interface: 'SSL_ERROR': self.handle_event_ssl_error, 'FINGERPRINT_ERROR': self.handle_event_fingerprint_error, 'PLAIN_CONNECTION': self.handle_event_plain_connection, + 'INSECURE_SSL_CONNECTION': self.handle_event_insecure_ssl_connection, 'PUBSUB_NODE_REMOVED': self.handle_event_pubsub_node_removed, 'PUBSUB_NODE_NOT_REMOVED': self.handle_event_pubsub_node_not_removed, }