DO NOT USE! Debugging build that allows connecting without TLS.

4 months ago · af0a7d6ce3
parent 459e40e9a4
commit af0a7d6ce3
1 changed files with 16 additions and 44 deletions
--- a/main.go
+++ b/main.go
@ -7,7 +7,6 @@ package main
 import (
 	"bufio"
 	"context"
-	"crypto/tls"
 	"errors"
 	"fmt"
 	"io"
@ -101,20 +100,15 @@ func main() {
 	flagUser := getopt.StringLong("username", 'u', "", "Username for XMPP account.")
 	flagPassword := getopt.StringLong("password", 'p', "", "Password for XMPP account.")
 	flagChatroom := getopt.BoolLong("chatroom", 'c', "Send message to a chatroom.")
-	flagDirectTLS := getopt.BoolLong("tls", 't', "Use direct TLS.")
 	flagAlias := getopt.StringLong("alias", 'a', "", "Set alias/nickname"+
 		"for chatrooms.")
 	flagFile := getopt.StringLong("file", 'f', "", "Set configuration file. (Default: "+
 		"~/.config/go-sendxmpp/sendxmpprc)")
 	flagMessageFile := getopt.StringLong("message", 'm', "", "Set file including the message.")
 	flagInteractive := getopt.BoolLong("interactive", 'i', "Interactive mode (for use with e.g. 'tail -f').")
-	flagSkipVerify := getopt.BoolLong("no-tls-verify", 'n',
-		"Skip verification of TLS certificates (not recommended).")
 	flagRaw := getopt.BoolLong("raw", 0, "Send raw XML.")
 	flagListen := getopt.BoolLong("listen", 'l', "Listen for messages and print them to stdout.")
 	flagTimeout := getopt.IntLong("timeout", 0, defaultTimeout, "Connection timeout in seconds.")
-	flagTLSMinVersion := getopt.IntLong("tls-version", 0, defaultTLSMinVersion,
-		"Minimal TLS version. 10 (TLSv1.0), 11 (TLSv1.1), 12 (TLSv1.2) or 13 (TLSv1.3).")
 	flagVersion := getopt.BoolLong("version", 0, "Show version information.")
 	flagMUCPassword := getopt.StringLong("muc-password", 0, "", "Password for password protected MUCs.")
 	flagOx := getopt.BoolLong("ox", 0, "Use \"OpenPGP for XMPP\" encryption (experimental).")
@ -132,6 +126,7 @@ func main() {
 	flagOOBFile := getopt.StringLong("oob-file", 0, "", "URL to send a file as out of band data.")
 	flagHeadline := getopt.BoolLong("headline", 0, "Send message as type headline.")
 	flagSCRAMPinning := getopt.StringLong("scram-mech-pinning", 0, "", "Enforce the use of a certain SCRAM authentication mechanism.")
+	flagInsecureConnect := getopt.BoolLong("insecure-connection-without-tls", 0, "Connect without any security. DO NOT USE!")

 	// Parse command line flags.
 	getopt.Parse()
@ -148,6 +143,9 @@ func main() {
 		os.Exit(0)
 		// Quit if Ox (OpenPGP for XMPP) is requested for unsupported operations like
 		// groupchat, http-upload or listening.
+	case !*flagInsecureConnect:
+		fmt.Println("This version of go-sendxmpp is connecting without any encryption. It is only meant for debugging purposes if the server is running on the same machine. DO NOT USE except you know what your doing. Use --insecure-connection-without-tls if you want to use go-sendxmpp without TLS.")
+		os.Exit(0)
 	case *flagOx && *flagHTTPUpload != "":
 		log.Fatal("No Ox support for http-upload available.")
 	case *flagOx && *flagChatroom:
@ -243,44 +241,18 @@ func main() {
 	// Timeout
 	timeout := time.Duration(*flagTimeout) * time.Second

-	// Use ALPN
-	var tlsConfig tls.Config
-	tlsConfig.ServerName = user[strings.Index(user, "@")+1:]
-	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "xmpp-client")
-	tlsConfig.InsecureSkipVerify = *flagSkipVerify
-	tlsConfig.Renegotiation = tls.RenegotiateNever
-	switch *flagTLSMinVersion {
-	case defaultTLS10:
-		tlsConfig.MinVersion = tls.VersionTLS10
-	case defaultTLS11:
-		tlsConfig.MinVersion = tls.VersionTLS11
-	case defaultTLS12:
-		tlsConfig.MinVersion = tls.VersionTLS12
-	case defaultTLS13:
-		tlsConfig.MinVersion = tls.VersionTLS13
-	default:
-		fmt.Println("Unknown TLS version.")
-		os.Exit(0)
-	}
-
 	// Set XMPP connection options.
 	options := xmpp.Options{
-		Host:        server,
-		User:        user,
-		DialTimeout: timeout,
-		Resource:    "go-sendxmpp." + getShortID(),
-		Password:    password,
-		// NoTLS doesn't mean that no TLS is used at all but that instead
-		// of using an encrypted connection to the server (direct TLS)
-		// an unencrypted connection is established. As StartTLS is
-		// set when NoTLS is set go-sendxmpp won't use unencrypted
-		// client-to-server connections.
-		// See https://pkg.go.dev/github.com/xmppo/go-xmpp#Options
-		NoTLS:     !*flagDirectTLS,
-		StartTLS:  !*flagDirectTLS,
-		Debug:     *flagDebug,
-		TLSConfig: &tlsConfig,
-		Mechanism: *flagSCRAMPinning,
+		Host:                         server,
+		User:                         user,
+		DialTimeout:                  timeout,
+		Resource:                     "go-sendxmpp." + getShortID(),
+		Password:                     password,
+		NoTLS:                        true,
+		StartTLS:                     false,
+		Debug:                        *flagDebug,
+		InsecureAllowUnencryptedAuth: true,
+		Mechanism:                    *flagSCRAMPinning,
 	}

 	// Read message from file.
@ -323,7 +295,7 @@ func main() {
 	}

 	// Connect to server.
-	client, err := connect(options, *flagDirectTLS)
+	client, err := connect(options, false)
 	if err != nil {
 		log.Fatal(err)
 	}
@ -408,7 +380,7 @@ func main() {
 	}

 	if *flagHTTPUpload != "" {
-		message, err = httpUpload(client, iqc, tlsConfig.ServerName,
+		message, err = httpUpload(client, iqc, server,
 			*flagHTTPUpload, timeout)
 		if err != nil {
 			closeAndExit(client, cancel, err)