From 91a38887a2c9abddac4f70148219b60a71c8ade0 Mon Sep 17 00:00:00 2001
From: James Lu
Date: Tue, 19 Jun 2018 11:59:42 -0700
Subject: [PATCH] Socket: suppress "not using TLS" errors on loopback addresses

This is a refined version of #1317.
---
 src/drivers/Socket.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/drivers/Socket.py b/src/drivers/Socket.py
index d93e555cf..dcff73230 100644
--- a/src/drivers/Socket.py
+++ b/src/drivers/Socket.py
@@ -40,6 +40,12 @@ import errno
 import select
 import socket
 
+try:
+ import ipaddress
+except ImportError:
+ # Python < 3.3
+ ipaddress = None
+
 from .. import (conf, drivers, log, utils, world)
 from ..utils import minisix
 from ..utils.str import decode_raw_line
@@ -53,7 +59,6 @@ except:
 class SSLError(Exception):
 pass
 
-
 class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
 _instances = []
 _selecting = [False] # We want it to be mutable.
@@ -279,7 +284,9 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
 self.conn.connect((address, port))
 if network_config.ssl():
 self.starttls()
- elif not network_config.requireStarttls():
+ elif (not network_config.requireStarttls()) and \
+ # Suppress this warning for loopback IPs.
+ (ipaddress is None or not ipaddress.ip_address(address).is_loopback):
 drivers.log.warning(('Connection to network %s '
 'does not use SSL/TLS, which makes it vulnerable to '
 'man-in-the-middle attacks and passive eavesdropping. '
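Review bot: The new `elif` condition in the last hunk of src/drivers/Socket.py will not parse: a backslash continuation cannot be followed by a comment-only line, so the logical line ends right after `and` and Python raises a SyntaxError when the module is imported. Move the comment inside the branch and let parentheses carry the continuation, e.g. `elif (not network_config.requireStarttls() and` followed by `(ipaddress is None or not ipaddress.ip_address(address).is_loopback)):`. Separately, `ipaddress.ip_address()` raises ValueError for anything that is not an IP literal; if `address` can still be a hostname at this point (its origin is outside the hunk), that exception would surface from the connect path, so the lookup should be guarded and a failure treated as non-loopback so the plaintext warning is still logged. The enclosing method starts before the hunk and the `drivers.log.warning(` call continues past it.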