[OTR-dev] gone_insecure callback not used

[Ian Goldberg]

On Sun, Feb 16, 2014 at 05:20:38PM +0100, Martin Milata wrote:
> Hi!
> 
> Just noticed that in libotr-4.0.0 (and current git), the gone_insecure
> callback doesn't seem to be used at all:
> 
>   $ grep -r gone_insecure *
>   src/message.h:    void (*gone_insecure)(void *opdata, ConnContext *context);
>   src/tests.c:static void op_gone_insecure(void *opdata, ConnContext *context)
>   src/tests.c:    op_gone_insecure,
> 
> Is this intentional?

That does seem like a bug, though git claims the call to gone_secure was
removed from the code back in 2005, when the OTRv2 protocol came out.

> Same with account_name and account_name_free.

Those are actually deprecated, and can be safely removed at the next
major release.  Feel free to just put NULL there.

> When requesting start of OTR session by passing "?OTR?" to
> otrl_message_sending, libotr substitutes this message by a hardcoded
> string [1]. This string is problematic because it contains newline
> characters which are used to separate individual commands in the IRC
> protocol. What is after the newline is not a valid command which makes
> the IRC server respond with an error. The string also contains HTML tags
> which are not interpreted by most IRC clients.
> 
> I'm using an ugly workaround to replace this string whenever it's
> returned by otrl_message_sending. It appears that irssi-otr tries to
> avoid this by directly sending ?OTRv23? without passing it to libotr.
> 
> Would it be possible to fix this, preferably without breaking current
> API?

Hmm, good point.  I wonder what would happen if your application just
defined its own otrl_proto_default_query_msg.  (But that's pretty evil,
to be sure.)

Suggestions as to what to do here?  The "?OTRv23?" part should be
generated by the library for sure, but the (English!) text should likely
not be in the library, except as a default.

As always, patches are welcome.  ;-)

Thanks,

   - Ian