From 80d061d2c4d3414ed9586edeba1e50b2fb607874 Mon Sep 17 00:00:00 2001
From: selfhoster1312 <selfhoster1312@kl.netlib.re>
Date: Fri, 24 Oct 2025 13:22:48 +0200
Subject: [PATCH] fix: When NoTLS is set, don't do StartTLS

---
 xmpp.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/xmpp.go b/xmpp.go
index 70a3a137..eeefc2a4 100644
--- a/xmpp.go
+++ b/xmpp.go
@@ -570,8 +570,11 @@ func (c *Client) init(o *Options) error {
 	}
 
 	// If the server requires STARTTLS, attempt to do so.
-	if f, err = c.startTLSIfRequired(f, o, domain); err != nil {
-		return err
+	// unless the client has specified NoTLS
+	if !o.NoTLS {
+		if f, err = c.startTLSIfRequired(f, o, domain); err != nil {
+			return err
+		}
 	}
 	var mechanism, channelBinding, clientFirstMessage, clientFinalMessageBare, authMessage string
 	var bind2Data, resource, userAgentSW, userAgentDev, userAgentID, fastAuth, saslUpgrade string
@@ -664,7 +667,7 @@ func (c *Client) init(o *Options) error {
 			case slices.Contains(mechSlice, "X-OAUTH2"):
 				mechanism = "X-OAUTH2"
 				// Do not use PLAIN auth if NoPlain is set.
-			case slices.Contains(mechSlice, "PLAIN") && tlsConnOK && !o.NoPLAIN:
+			case slices.Contains(mechSlice, "PLAIN") && (tlsConnOK || o.NoTLS) && !o.NoPLAIN:
 				mechanism = "PLAIN"
 			}
 		}