Bug 1268081: Backed out bug 1193494 (changeset c37d201e97fa) as DIGEST-MD5 caused a regression for some users. rs=bustage-fix a=rkent THUNDERBIRD452b1_2016051723_RELBRANCH
author aleth <aleth@instantbird.org>
Tue, 26 Apr 2016 12:30:48 +0200
branch THUNDERBIRD452b1_2016051723_RELBRANCH
changeset 27105 bd007e31d0180274d70081bf765a0e4f3105d31e
parent 27104 2120129100d86e0ece6772ff9a9649206c51a835
child 27106 41c4bde6ff71db7b3725b0c7394cdb97e61f21ea
push id 1850
push user clokep@gmail.com
push date Wed, 08 Mar 2017 19:29:12 +0000
treeherder comm-esr52@028df196b2d9
reviewers bustage-fix, rkent
bugs 1268081, 1193494
chat/protocols/xmpp/xmpp-session.jsm
--- a/chat/protocols/xmpp/xmpp-session.jsm
+++ b/chat/protocols/xmpp/xmpp-session.jsm
@@ -301,36 +301,33 @@ XMPPSession.prototype = {
 
       // Select the auth mechanism we will use. PLAIN will be treated
       // a bit differently as we want to avoid it over an unencrypted
       // connection, except if the user has explicly allowed that
       // behavior.
       let authMechanisms = this._account.authMechanisms || XMPPAuthMechanisms;
       let selectedMech = "";
       let canUsePlain = false;
-      // RFC 6120, 6.4.1: The order of <mechanism/> elements in
-      // the XML indicates the preference order of the SASL mechanisms
-      // according to the receiving entity (which is not necessarily the
-      // preference order according to the initiating entity).
-      for (let m of mechs.getChildren("mechanism")) {
+      mechs = mechs.getChildren("mechanism");
+      for each (let m in mechs) {
         let mech = m.innerText;
-        if (mech == "PLAIN") {
-          // If PLAIN is proposed, remember that it's a possibility but don't
-          // bother checking if the user allowed it until we have verified
+        if (mech == "PLAIN" && !this._encrypted) {
+          // If PLAIN is proposed over an unencrypted connection,
+          // remember that it's a possibility but don't bother
+          // checking if the user allowed it until we have verified
           // that nothing more secure is available.
           canUsePlain = true;
         }
         else if (authMechanisms.hasOwnProperty(mech)) {
           selectedMech = mech;
           break;
         }
       }
       if (!selectedMech && canUsePlain) {
-        if (this._encrypted ||
-            this._connectionSecurity == "allow_unencrypted_plain_auth")
+        if (this._connectionSecurity == "allow_unencrypted_plain_auth")
           selectedMech = "PLAIN";
         else {
           this.onError(Ci.prplIAccount.ERROR_AUTHENTICATION_IMPOSSIBLE,
                        _("connection.error.notSendingPasswordInClear"));
           return;
         }
       }
       if (!selectedMech) {
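Review bot: The restored test `mech == "PLAIN" && !this._encrypted` leaves the encrypted case undocumented and dependent on server ordering. On an encrypted connection PLAIN no longer takes the canUsePlain deferral and instead falls through to `authMechanisms.hasOwnProperty(mech)`. If PLAIN is a key of authMechanisms, the `break` on the first match means a server that lists PLAIN ahead of a stronger mechanism gets PLAIN even though the stronger one was also offered; if PLAIN is not a key, it can never be selected over an encrypted connection, because canUsePlain stays false and the later `this._connectionSecurity == "allow_unencrypted_plain_auth"` branch is never reached. The comment above the loop only describes the unencrypted case, so please state which of these outcomes is intended for encrypted connections. The removed RFC 6120, 6.4.1 comment is still accurate for this loop, which continues to walk the mechanisms in the server's order, and is worth keeping. Separately, `for each (let m in mechs)` is deprecated SpiderMonkey-only syntax and the hunk now reassigns `mechs` from the parent element to its child list; the `for (let m of mechs.getChildren("mechanism"))` form from the removed lines iterates the same children without either problem.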