nbxmpp client is not configured when reconnecting from SSLErrorDialog
Versions
- OS: Fedora
- Gajim version: Current master (3acc01e2)
- GTK version: gtk3-3.24.38-1.fc38.x86_64
- Python-nbxmpp version: Current master (92dc358)
Steps to reproduce the problem
- Attempt to connect to a server with an expired certificate
- Click the red "Connect" button on the resulting error dialog to continue
Expected behavior
The connection is retried using the appropriate password, proxy, SASL, etc. settings.
Actual behavior
Gajim attempts to connect directly (ignoring the configured proxy) and fails with a password prompt when challenged by the server for credentials.
When the connection fails with domain StreamError.BAD_CERTIFICATE, Gajim tears down the current nbxmpp client instance (see client.py:288, :298). Clicking the "Connect" button in the resulting SSLErrorDialog results in a call to Client.connect without the new nbxmpp client instance being configured by Client._prepare_for_connect() (see ssl_error_dialog.py:97).
This has the annoying result of getting stuck in a TLS error/password prompt loop, and the more alarming result of things like the configured Tor proxy settings being ignored in favour of a direct connection.
The following rough patch fixes the problem, although it's mainly meant to be illustrative:
diff --git a/gajim/common/client.py b/gajim/common/client.py
index 0cb217425..70da7bcd7 100644
--- a/gajim/common/client.py
+++ b/gajim/common/client.py
@@ -521,7 +521,7 @@ def _send_message(self, message: OutgoingMessage) -> None:
msg_log_id=log_line_id,
play_sound=message.play_sound))
- def _prepare_for_connect(self) -> None:
+ def _prepare_for_connect(self, ignored_tls_errors: IgnoredTlsErrorsT = None) -> None:
custom_host = get_custom_host(self._account)
if custom_host is not None:
self._client.set_custom_host(*custom_host)
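Review bot: the new ignored_tls_errors parameter in the _prepare_for_connect signature is undocumented, and the method does nothing with it except hand it on to connect(), so the name no longer tells a caller what they get. Add a short docstring stating that this method configures the client and then connects with the given ignored TLS errors, and consider wrapping the signature, which is now much longer than the lines around it.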
@@ -547,7 +547,7 @@ def _prepare_for_connect(self) -> None:
password = passwords.get_password(self._account)
self._client.set_password(password)
- self.connect()
+ self.connect(ignored_tls_errors=ignored_tls_errors)
def connect(self, ignored_tls_errors: IgnoredTlsErrorsT = None) -> None:
if self._state not in (ClientState.DISCONNECTED,
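Review bot: the state guard (if self._state not in (ClientState.DISCONNECTED, ...) lives in connect(), which is reached only after set_custom_host() and set_password() have already been applied to self._client. With the dialog becoming a second caller of _prepare_for_connect, check the state at the top of _prepare_for_connect as well, so the client is not reconfigured before the guard is evaluated.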
diff --git a/gajim/gtk/ssl_error_dialog.py b/gajim/gtk/ssl_error_dialog.py
index 04b6366c3..6643d94b4 100644
--- a/gajim/gtk/ssl_error_dialog.py
+++ b/gajim/gtk/ssl_error_dialog.py
@@ -94,4 +94,4 @@ def _on_connect_clicked(self, _button: Gtk.Button) -> None:
self._ignored_errors.add(Gio.TlsCertificateFlags.EXPIRED)
self.destroy()
- self._client.connect(ignored_tls_errors=self._ignored_errors)
+ self._client._prepare_for_connect(ignored_tls_errors=self._ignored_errors)
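Review bot: self._client._prepare_for_connect(...) in _on_connect_clicked reaches into a private method of Client from the GTK layer, and the fix still relies on every caller remembering to prepare the client before connecting. Because the report shows that a skipped preparation means the configured proxy is bypassed, expose a public entry point on Client for this, or have connect() run the preparation itself whenever the nbxmpp client instance has been recreated, so that an unconfigured connect is not reachable from the UI.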
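The failure mode described in this report, as an added example that is not part of the original report or of Gajim's code: a small model in which the client instance is replaced after a certificate error and the retry calls connect() directly. All class names, the proxy address and the password are constructed for illustration; the fail_closed flag shows a guard that refuses to connect on an unconfigured instance instead of falling back to a direct connection.

```python
# Constructed model of the reconnect path; every class and name is hypothetical.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class StubTransport:
    """Stands in for a freshly created nbxmpp client and records its settings."""
    proxy: Optional[str] = None
    password: Optional[str] = None
    routes: list = field(default_factory=list)

    def connect(self) -> str:
        route = self.proxy or "direct"   # no proxy set means a direct connection
        self.routes.append(route)
        return route


class Account:
    def __init__(self, proxy: str, password: str, fail_closed: bool) -> None:
        self._proxy, self._password = proxy, password
        self._fail_closed = fail_closed
        self._reset_transport()

    def _reset_transport(self) -> None:
        # Mirrors the teardown after a BAD_CERTIFICATE error: new, blank instance.
        self.transport = StubTransport()
        self._configured = False

    def prepare_and_connect(self) -> str:
        self.transport.proxy = self._proxy
        self.transport.password = self._password
        self._configured = True
        return self.connect()

    def connect(self) -> str:
        if self._fail_closed and not self._configured:
            raise RuntimeError("refusing to connect: transport not configured")
        return self.transport.connect()


def retry_after_tls_error(fail_closed: bool) -> str:
    """Replays the dialog's retry, which calls connect() on the new instance."""
    account = Account("socks5://127.0.0.1:9050", "constructed-password", fail_closed)
    account.prepare_and_connect()      # first attempt goes through the proxy
    account._reset_transport()         # certificate error: instance is replaced
    return account.connect()           # retry path that skips the preparation
```

With fail_closed=False the retry returns "direct", which is the proxy bypass from the report; with fail_closed=True the same retry raises instead of connecting.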