mirror of
git://git.psyced.org/git/psyced
synced 2024-08-15 03:25:10 +00:00
disallow people to expose private data by crypto downgrade
parent
e7a194e703
commit
02d4e80119
4 changed files with 26 additions and 4 deletions
|
@ -4,6 +4,9 @@
|
|||
_warning_server_shutdown_temporary
|
||||
|Serverneustart: [_reason]
|
||||
|
||||
_error_missing_circuit_encryption
|
||||
|Deine Verbindung ist plötzlich nicht mehr verschlüsselt. Bitte kontrolliere Deine Konfiguration.
|
||||
|
||||
_warning_missing_circuit_encryption
|
||||
|Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<PSYC:TEXTDB> ## vim:syntax=mail
|
||||
## Check utf-8: Praise Atatürk!
|
||||
|
||||
_error_missing_circuit_encryption
|
||||
|Your connection has downgraded from being encrypted. Please fix your configuration.
|
||||
|
||||
_warning_missing_circuit_encryption
|
||||
|Your connection is not encrypted. You are putting other people's privacy at risk!
|
||||
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
<PSYC:TEXTDB> ## vim:syntax=mail
|
||||
## tradotto al 30% ... cerca /TODO/ per continuare
|
||||
|
||||
_error_missing_circuit_encryption
|
||||
|La tua connessione ha smesso di essere crittata. Controlla la tua configurazione.
|
||||
|
||||
_warning_missing_circuit_encryption
|
||||
|La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!
|
||||
|
||||
|
|
|
@ -28,6 +28,7 @@ volatile mixed query;
|
|||
volatile mapping tags;
|
||||
volatile int showEcho;
|
||||
volatile mixed beQuiet;
|
||||
volatile int encrypted = 0;
|
||||
|
||||
// my nickspace. used by psyctext(). could be passed as closure, but then
|
||||
// it wouldn't be available for *any* psyctext call in user objects.
|
||||
|
@ -1572,6 +1573,7 @@ logon() {
|
|||
string evil;
|
||||
|
||||
if (tls_query_connection_state(ME) == 1) {
|
||||
encrypted++;
|
||||
// evil TLS ciphers are no problem if the connection is being
|
||||
// tunneled through SSH or Tor, so we shut up in that case.
|
||||
if (probably_private(ME) < PRIVACY_REASONABLE &&
|
||||
|
@ -1583,12 +1585,23 @@ logon() {
|
|||
unless (beQuiet) w("_status_circuit_encryption_cipher");
|
||||
}
|
||||
} else if (!probably_private(ME)) {
|
||||
if (encrypted) {
|
||||
// do not allow a person to (be) downgrade(d) from TLS...
|
||||
// at least not during the lifetime of this object
|
||||
w("_error_missing_circuit_encryption"
|
||||
# ifdef _error_missing_circuit_encryption
|
||||
, _error_missing_circuit_encryption
|
||||
# endif
|
||||
);
|
||||
return remove_interactive(ME);
|
||||
} else {
|
||||
w("_warning_missing_circuit_encryption"
|
||||
# ifdef _warning_missing_circuit_encryption
|
||||
, _warning_missing_circuit_encryption
|
||||
# endif
|
||||
);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
// cannot if (greeting) here this since jabber:iq:auth depends on this
|
||||
// also greeting will only be defined after ::logon()
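Review bot: The downgrade latch declared as `volatile int encrypted = 0;` lasts only as long as this user object, as the comment in the last hunk concedes, so a plaintext logon arriving after the object has been recreated takes the warning branch instead of `remove_interactive(ME)`. If `volatile` means the variable is not saved with the user (the macro is not visible here), consider a saved flag so the refusal survives a reload, or at least state the limit at the declaration: `// set after a TLS logon; not persisted, so the downgrade check resets with the object`. `encrypted++` in the second hunk is only ever tested as a boolean, so `encrypted = 1;` would state the intent more directly. logon() starts and ends outside the visible hunks, so it cannot be confirmed from here whether credentials have already crossed the plaintext link by the time this check runs.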
|
||||
|
|