aboutsummaryrefslogtreecommitdiff
path: root/src/main
diff options
context:
space:
mode:
authorGravatar Vitaly Takmazov2016-05-10 23:38:41 +0300
committerGravatar Vitaly Takmazov2016-05-10 23:38:41 +0300
commitc4d77b873c4deb15a968ac17998a024bd0c618d4 (patch)
treeb497115959e3d83be1a94a8b11dcf61fe45d8b8c /src/main
parent8d80768befad0246ab69d46179243079edc9a5b7 (diff)
ssl blacklist
Diffstat (limited to 'src/main')
-rw-r--r--src/main/java/com/juick/xmpp/s2s/ConnectionIn.java8
-rw-r--r--src/main/java/com/juick/xmpp/s2s/ConnectionOut.java2
-rw-r--r--src/main/java/com/juick/xmpp/s2s/XMPPComponent.java3
3 files changed, 7 insertions, 6 deletions
diff --git a/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java b/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java
index a7d687d2..554d3b05 100644
--- a/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java
+++ b/src/main/java/com/juick/xmpp/s2s/ConnectionIn.java
@@ -53,7 +53,7 @@ public class ConnectionIn extends Connection implements Runnable {
}
boolean xmppversionnew = parser.getAttributeValue(null, "version") != null;
- sendOpenStream(xmppversionnew);
+ sendOpenStream(parser.getAttributeValue(null, "from"), xmppversionnew);
while (parser.next() != XmlPullParser.END_DOCUMENT) {
updateTsRemoteData();
@@ -144,7 +144,7 @@ public class ConnectionIn extends Connection implements Runnable {
closeConnection();
}
} else if (isSecured() && tag.equals("stream") && parser.getNamespace().equals(NS_STREAM)) {
- sendOpenStream(true);
+ sendOpenStream(null, true);
} else {
LOGGER.info("STREAM " + streamID + ": " + XmlUtils.parseToString(parser, true));
}
@@ -169,13 +169,13 @@ public class ConnectionIn extends Connection implements Runnable {
tsRemoteData = System.currentTimeMillis();
}
- void sendOpenStream(boolean xmppversionnew) throws IOException {
+ void sendOpenStream(String from, boolean xmppversionnew) throws IOException {
String openStream = "<?xml version='1.0'?><stream:stream xmlns='jabber:server' " +
"xmlns:stream='http://etherx.jabber.org/streams' xmlns:db='jabber:server:dialback' from='" +
XMPPComponent.HOSTNAME + "' id='" + streamID + "' version='1.0'>";
if (xmppversionnew) {
openStream += "<stream:features>";
- if (!isSecured()) {
+ if (!isSecured() && !XMPPComponent.brokenSSLhosts.contains(from)) {
openStream += "<starttls xmlns=\"" + NS_TLS + "\"><optional/></starttls>";
}
openStream += "</stream:features>";
diff --git a/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java b/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java
index 8ce1b76d..68851da1 100644
--- a/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java
+++ b/src/main/java/com/juick/xmpp/s2s/ConnectionOut.java
@@ -112,7 +112,7 @@ public class ConnectionOut extends Connection implements Runnable {
XmlUtils.skip(parser);
} else if (tag.equals("features") && parser.getNamespace().equals(NS_STREAM)) {
StreamFeatures features = StreamFeatures.parse(parser);
- if (!isSecured() && features.STARTTLS >= 0) {
+ if (!isSecured() && features.STARTTLS >= 0 && !XMPPComponent.brokenSSLhosts.contains(to)) {
System.out.println("STREAM TO " + to + " " + streamID + " SECURING");
sendStanza("<starttls xmlns=\"" + NS_TLS + "\" />");
} else {
diff --git a/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java b/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java
index 03a12c26..2b293fd6 100644
--- a/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java
+++ b/src/main/java/com/juick/xmpp/s2s/XMPPComponent.java
@@ -30,6 +30,7 @@ public class XMPPComponent implements ServletContextListener {
public static String STATSFILE = null;
public static String keystore;
public static String keystorePassword;
+ public static List<String> brokenSSLhosts;
public static ConnectionRouter connRouter;
static final List<ConnectionIn> inConnections = Collections.synchronizedList(new ArrayList<>());
static final List<ConnectionOut> outConnections = Collections.synchronizedList(new ArrayList<>());
@@ -163,7 +164,7 @@ public class XMPPComponent implements ServletContextListener {
STATSFILE = conf.getProperty("statsfile");
keystore = conf.getProperty("keystore");
keystorePassword = conf.getProperty("keystore_password");
-
+ brokenSSLhosts = Arrays.asList(conf.getProperty("broken_ssl_hosts", "").split(","));
Class.forName("com.mysql.jdbc.Driver");
sql = DriverManager.getConnection("jdbc:mysql://localhost/juick?autoReconnect=true&user=" +
conf.getProperty("mysql_username", "") + "&password=" + conf.getProperty("mysql_password", ""));