Socket: suppress "not using TLS" errors on loopback addresses

This is a refined version of #1317.
2024-10-04 18:38:39 +02:00 · 2018-06-19 11:59:42 -07:00 · 2018-06-19 11:59:42 -07:00 · 91a38887a2
commit 91a38887a2
parent 36309ad1dc
1 changed files with 9 additions and 2 deletions
--- a/src/drivers/Socket.py
+++ b/src/drivers/Socket.py
@ -40,6 +40,12 @@ import errno
 import select
 import socket

+try:
+    import ipaddress
+except ImportError:
+    # Python < 3.3
+    ipaddress = None
+
 from .. import (conf, drivers, log, utils, world)
 from ..utils import minisix
 from ..utils.str import decode_raw_line
@ -53,7 +59,6 @@ except:
    class SSLError(Exception):
        pass

-
 class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
    _instances = []
    _selecting = [False] # We want it to be mutable.
@ -279,7 +284,9 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
            self.conn.connect((address, port))
            if network_config.ssl():
                self.starttls()
-            elif not network_config.requireStarttls():
+            elif (not network_config.requireStarttls()) and \
+                    # Suppress this warning for loopback IPs.
+                    (ipaddress is None or not ipaddress.ip_address(address).is_loopback):
                drivers.log.warning(('Connection to network %s '
                    'does not use SSL/TLS, which makes it vulnerable to '
                    'man-in-the-middle attacks and passive eavesdropping. '