Drop STARTTLS support, it complicates the connection initialization too much.

This commit is contained in:
Valentin Lorentz 2018-01-24 09:27:39 +01:00
parent e732931688
commit 7e98802809
3 changed files with 9 additions and 26 deletions

View File

@ -346,9 +346,7 @@ def registerNetwork(name, password='', ssl=True, sasl_username='',
registry.String('', _("""A certificate that is trusted to verify registry.String('', _("""A certificate that is trusted to verify
certificates of this network (aka. Certificate Authority)."""))) certificates of this network (aka. Certificate Authority).""")))
registerGlobalValue(network, 'requireStarttls', registry.Boolean(False, registerGlobalValue(network, 'requireStarttls', registry.Boolean(False,
_("""Determines whether the bot will connect in plain text to %s _("""Deprecated config value, keep it to False.""")))
but require STARTTLS before authentication. This is ignored if the
connection already uses SSL.""") % name))
registerGlobalValue(network, 'certfile', registry.String('', registerGlobalValue(network, 'certfile', registry.String('',
_("""Determines what certificate file (if any) the bot will use to _("""Determines what certificate file (if any) the bot will use to

View File

@ -990,6 +990,14 @@ class Irc(IrcCommandDispatcher, log.Firewalled):
self.capNegociationEnded = False self.capNegociationEnded = False
self.requireStarttls = not network_config.ssl() and \ self.requireStarttls = not network_config.ssl() and \
network_config.requireStarttls() network_config.requireStarttls()
if self.requireStarttls:
log.error(('STARTTLS is no longer supported. Set '
'supybot.networks.%s.requireStarttls to False '
'to disable it, and use supybot.networks.%s.ssl '
'instead.') % (self.network, self.network))
self.driver.die()
self._reallyDie()
return
self.resetSasl() self.resetSasl()
def resetSasl(self): def resetSasl(self):
@ -1036,23 +1044,8 @@ class Irc(IrcCommandDispatcher, log.Firewalled):
self.sendMsg(ircmsgs.IrcMsg(command='CAP', args=('LS', '302'))) self.sendMsg(ircmsgs.IrcMsg(command='CAP', args=('LS', '302')))
if self.requireStarttls:
self.sendMsg(ircmsgs.IrcMsg(command='STARTTLS'))
else:
self.sendAuthenticationMessages() self.sendAuthenticationMessages()
def do670(self, irc, msg):
"""STARTTLS accepted."""
log.info('%s: Starting TLS session.', self.network)
self.requireStarttls = False
self.driver.starttls()
self.sendAuthenticationMessages()
def do691(self, irc, msg):
"""STARTTLS refused."""
log.error('%s: Server refused STARTTLS: %s', self.network, msg.args[0])
self.feedMsg(ircmsgs.error('STARTTLS upgrade refused by the server'))
self.driver.reconnect()
def sendAuthenticationMessages(self): def sendAuthenticationMessages(self):
# Notes: # Notes:
# * using sendMsg instead of queueMsg because these messages cannot # * using sendMsg instead of queueMsg because these messages cannot
@ -1282,13 +1275,6 @@ class Irc(IrcCommandDispatcher, log.Firewalled):
s = self.state.capabilities_ls['sasl'] s = self.state.capabilities_ls['sasl']
if s is not None: if s is not None:
self.filterSaslMechanisms(set(s.split(','))) self.filterSaslMechanisms(set(s.split(',')))
if 'starttls' not in self.state.capabilities_ls and \
self.requireStarttls:
log.error('%s: Server does not support STARTTLS.', self.network)
self.feedMsg(ircmsgs.error('STARTTLS upgrade not supported '
'by the server'))
self.die()
return
# NOTE: Capabilities are requested in alphabetic order, because # NOTE: Capabilities are requested in alphabetic order, because
# sets are unordered, and their "order" is nondeterministic. # sets are unordered, and their "order" is nondeterministic.
# This is needed for the tests. # This is needed for the tests.

View File

@ -374,7 +374,6 @@ class IrcStateTestCase(SupyTestCase):
st = irclib.IrcState() st = irclib.IrcState()
self.assert_(st.addMsg(self.irc, ircmsgs.IrcMsg('MODE foo +i')) or 1) self.assert_(st.addMsg(self.irc, ircmsgs.IrcMsg('MODE foo +i')) or 1)
class IrcTestCase(SupyTestCase): class IrcTestCase(SupyTestCase):
def setUp(self): def setUp(self):
self.irc = irclib.Irc('test') self.irc = irclib.Irc('test')