Backed out bug 1193494 (C-C changeset c37d201e97fa) as DIGEST-MD5 caused a regression for some users. rs=bustage-fix a=rkent
author aleth <aleth@instantbird.org>
Tue, 26 Apr 2016 12:30:48 +0200
changeset 24528 5ea3c40618e745569d734b68ab7cebbe3d01f1ce
parent 24527 404d608565212ea62df425703bccff782ecbf693
child 24529 da197f5021a195fada66515f85089450c3afa0de
push id 1639
push user kent@caspia.com
push date Tue, 17 May 2016 18:01:14 +0000
treeherder comm-beta@93e4725bc203
reviewers bustage-fix, rkent
bugs 1193494
chat/protocols/xmpp/xmpp-session.jsm
--- a/chat/protocols/xmpp/xmpp-session.jsm
+++ b/chat/protocols/xmpp/xmpp-session.jsm
@@ -301,36 +301,33 @@ XMPPSession.prototype = {
 
       // Select the auth mechanism we will use. PLAIN will be treated
       // a bit differently as we want to avoid it over an unencrypted
       // connection, except if the user has explicly allowed that
       // behavior.
       let authMechanisms = this._account.authMechanisms || XMPPAuthMechanisms;
       let selectedMech = "";
       let canUsePlain = false;
-      // RFC 6120, 6.4.1: The order of <mechanism/> elements in
-      // the XML indicates the preference order of the SASL mechanisms
-      // according to the receiving entity (which is not necessarily the
-      // preference order according to the initiating entity).
-      for (let m of mechs.getChildren("mechanism")) {
+      mechs = mechs.getChildren("mechanism");
+      for each (let m in mechs) {
         let mech = m.innerText;
-        if (mech == "PLAIN") {
-          // If PLAIN is proposed, remember that it's a possibility but don't
-          // bother checking if the user allowed it until we have verified
+        if (mech == "PLAIN" && !this._encrypted) {
+          // If PLAIN is proposed over an unencrypted connection,
+          // remember that it's a possibility but don't bother
+          // checking if the user allowed it until we have verified
           // that nothing more secure is available.
           canUsePlain = true;
         }
         else if (authMechanisms.hasOwnProperty(mech)) {
           selectedMech = mech;
           break;
         }
       }
       if (!selectedMech && canUsePlain) {
-        if (this._encrypted ||
-            this._connectionSecurity == "allow_unencrypted_plain_auth")
+        if (this._connectionSecurity == "allow_unencrypted_plain_auth")
           selectedMech = "PLAIN";
         else {
           this.onError(Ci.prplIAccount.ERROR_AUTHENTICATION_IMPOSSIBLE,
                        _("connection.error.notSendingPasswordInClear"));
           return;
         }
       }
       if (!selectedMech) {
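Review bot: In the restored `if (mech == "PLAIN" && !this._encrypted)` branch, PLAIN offered over an encrypted connection is no longer deferred. It falls through to `authMechanisms.hasOwnProperty(mech)`, so whether it is chosen, and whether it wins over a mechanism the server lists after it, depends on `authMechanisms` having a PLAIN entry and on the server's ordering, because the loop breaks at the first match. If there is no such entry, PLAIN over an encrypted connection can never be selected, since `canUsePlain` is now only set when `!this._encrypted` and the later `this._encrypted ||` check is removed. A comment stating which of these outcomes is intended would make the backout easier to audit. The deleted RFC 6120, 6.4.1 comment about the server's preference order still describes this loop and could stay. The backout also brings back `for each (let m in mechs)`, which is non-standard SpiderMonkey syntax; the `for (let m of ...)` form could be kept independently of the mechanism-selection revert.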