mirror of
https://github.com/Mikaela/Limnoria.git
synced 2025-01-11 20:52:42 +01:00
Merge remote-tracking branch 'origin/patch-1' into drivers/logging
Conflicts: src/drivers/Socket.py
This commit is contained in:
commit
afc8d828b2
@ -17,7 +17,7 @@ Master branch: [![Build Status (master branch)](https://travis-ci.org/ProgVal/Li
|
||||
Testing branch: [![Build Status (testing branch)](https://travis-ci.org/ProgVal/Limnoria.png?branch=testing)](https://travis-ci.org/ProgVal/Limnoria)
|
||||
|
||||
Limnoria supports CPython 2.6, 2.7, 3.2, 3.3, 3.4, 3.5, nightly;
|
||||
and Pypy 2 and 3. It works best with CPython 3.3 and higher.
|
||||
and Pypy 2 and 3. It works best with CPython 3.4 and higher.
|
||||
Python 2.5 and older versions are not supported.
|
||||
|
||||
# Support
|
||||
|
@ -663,7 +663,7 @@ class Channel(callbacks.Plugin):
|
||||
|
||||
@internationalizeDocstring
|
||||
def remove(self, irc, msg, args, channel, banmask):
|
||||
"""[<channel>] <hostmask>
|
||||
"""[<channel>] <nick|hostmask>
|
||||
|
||||
If you have the #channel,op capability, this will remove the
|
||||
persistent ignore on <hostmask> in the channel. <channel> is only
|
||||
@ -676,7 +676,7 @@ class Channel(callbacks.Plugin):
|
||||
irc.replySuccess()
|
||||
except KeyError:
|
||||
irc.error(_('There are no ignores for that hostmask.'))
|
||||
remove = wrap(remove, ['op', 'hostmask'])
|
||||
remove = wrap(remove, ['op', 'banmask'])
|
||||
|
||||
@internationalizeDocstring
|
||||
def list(self, irc, msg, args, channel):
|
||||
|
13
setup.py
13
setup.py
@ -237,10 +237,13 @@ setup(
|
||||
)
|
||||
|
||||
if sys.version_info < (2, 7, 9):
|
||||
sys.stderr.write('+------------------------------------------------+\n')
|
||||
sys.stderr.write('| Running Limnoria on Python versions older than |\n')
|
||||
sys.stderr.write('| 2.7.9 is deprecated. |\n')
|
||||
sys.stderr.write('| Please consider upgrading to Python 3.x. |\n')
|
||||
sys.stderr.write('+------------------------------------------------+\n')
|
||||
sys.stderr.write('+-----------------------------------------------------+\n')
|
||||
sys.stderr.write('| Running Limnoria on Python versions older than |\n')
|
||||
sys.stderr.write('| 2.7.9 is deprecated. |\n')
|
||||
sys.stderr.write('| Please consider upgrading to Python 3.4 or greater. |\n')
|
||||
sys.stderr.write('+-----------------------------------------------------+\n')
|
||||
sys.stderr.write('\n')
|
||||
sys.stderr.write('See <http://doc.supybot.aperio.fr/en/latest/use/faq.html#how-to-make-limnoria-use-python-3-instead-of-python-2>\n')
|
||||
sys.stderr.write('\n')
|
||||
|
||||
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:
|
||||
|
11
src/conf.py
11
src/conf.py
@ -210,7 +210,7 @@ class VersionIfEmpty(registry.String):
|
||||
def __call__(self):
|
||||
ret = registry.String.__call__(self)
|
||||
if not ret:
|
||||
ret = 'Supybot %s' % version
|
||||
ret = 'Limnoria %s' % version
|
||||
return ret
|
||||
|
||||
registerGlobalValue(supybot, 'user',
|
||||
@ -329,6 +329,9 @@ def registerNetwork(name, password='', ssl=True, sasl_username='',
|
||||
of fingerprints of trusted certificates for this network.
|
||||
If non-empty, Certification Authority signatures will not be used to
|
||||
verify certificates.""")))
|
||||
registerGlobalValue(network.ssl, 'authorityCertificate',
|
||||
registry.String('', _("""A certificate that is trusted to verify
|
||||
certificates of this network (aka. Certificate Authority).""")))
|
||||
registerGlobalValue(network, 'requireStarttls', registry.Boolean(False,
|
||||
_("""Determines whether the bot will connect in plain text to %s
|
||||
but require STARTTLS before authentication. This is ignored if the
|
||||
@ -1176,10 +1179,8 @@ utils.web.proxy = supybot.protocols.http.proxy
|
||||
registerGroup(supybot.protocols, 'ssl')
|
||||
registerGlobalValue(supybot.protocols.ssl, 'verifyCertificates',
|
||||
registry.Boolean(False, _("""Determines whether server certificates
|
||||
will be verified. Valid values are "required", "optional", and "none".
|
||||
The default and recommended setting is "required", which checks the
|
||||
server certificate is signed by a known Certificate Authority, and
|
||||
aborts the connection if it is not.""")))
|
||||
will be verified, which checks whether the server certificate is signed
|
||||
by a known certificate authority, and aborts the connection if it is not.""")))
|
||||
|
||||
|
||||
###
|
||||
|
@ -373,8 +373,11 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
|
||||
certfile=certfile,
|
||||
verify=verifyCertificates,
|
||||
trusted_fingerprints=network_config.ssl.serverFingerprints(),
|
||||
ca_file=network_config.ssl.authorityCertificate(),
|
||||
)
|
||||
except ssl.CertificateError as e:
|
||||
except getattr(ssl, 'CertificateError', None) as e:
|
||||
# Default to None for old Python version, which do not have
|
||||
# CertificateError
|
||||
drivers.log.error(('Certificate validation failed when '
|
||||
'connecting to %s: %s\n'
|
||||
'This means either someone is doing a man-in-the-middle '
|
||||
|
@ -144,13 +144,15 @@ def check_certificate_fingerprint(conn, trusted_fingerprints):
|
||||
|
||||
if hasattr(ssl, 'create_default_context'):
|
||||
def ssl_wrap_socket(conn, hostname, logger, certfile=None,
|
||||
trusted_fingerprints=None, verify=True,
|
||||
trusted_fingerprints=None, verify=True, ca_file=None,
|
||||
**kwargs):
|
||||
context = ssl.create_default_context(**kwargs)
|
||||
if trusted_fingerprints or not verify:
|
||||
# Do not use Certification Authorities
|
||||
context.check_hostname = False
|
||||
context.verify_mode = ssl.CERT_NONE
|
||||
if ca_file:
|
||||
context.load_verify_locations(cafile=ca_file)
|
||||
if certfile:
|
||||
context.load_cert_chain(certfile)
|
||||
conn = context.wrap_socket(conn, server_hostname=hostname)
|
||||
@ -160,18 +162,18 @@ if hasattr(ssl, 'create_default_context'):
|
||||
else:
|
||||
def ssl_wrap_socket(conn, hostname, logger, verify=True,
|
||||
certfile=None,
|
||||
ca_certs=None, trusted_fingerprints=None):
|
||||
ca_file=None, trusted_fingerprints=None):
|
||||
# TLSv1.0 is the only TLS version Python < 2.7.9 supports
|
||||
# (besides SSLv2 and v3, which are known to be insecure)
|
||||
conn = ssl.wrap_socket(conn, certfile=certfile, ca_certs=ca_certs,
|
||||
ssl_version=ssl.ssl.PROTOCOL_TLSv1, verify_mode=ssl.CERT_NONE)
|
||||
conn = ssl.wrap_socket(conn, certfile=certfile, ca_certs=ca_file,
|
||||
ssl_version=ssl.PROTOCOL_TLSv1)
|
||||
if trusted_fingerprints:
|
||||
check_certificate_fingerprint(conn, trusted_fingerprints)
|
||||
elif verify:
|
||||
logger.critical('This Python version does not support SSL/TLS '
|
||||
'certification authority verification, which makes your '
|
||||
'connection vulnerable to man-in-the-middle attacks.'
|
||||
'You should consider upgrading to Python 3 '
|
||||
'(or at least 2.7.9).')
|
||||
'You should consider upgrading to Python 3.4 or newer. '
|
||||
'See <http://doc.supybot.aperio.fr/en/latest/use/faq.html#how-to-make-limnoria-use-python-3-instead-of-python-2>')
|
||||
return conn
|
||||
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:
|
||||
|
Loading…
Reference in New Issue
Block a user