Merge remote-tracking branch 'origin/patch-1' into drivers/logging

Conflicts:
	src/drivers/Socket.py
James Lu 2016-02-24 07:07:29 -08:00
commit afc8d828b2
6 changed files with 29 additions and 20 deletions


@ -17,7 +17,7 @@ Master branch: [![Build Status (master branch)](https://travis-ci.org/ProgVal/Li
Testing branch: [![Build Status (testing branch)](https://travis-ci.org/ProgVal/Limnoria.png?branch=testing)](https://travis-ci.org/ProgVal/Limnoria) Testing branch: [![Build Status (testing branch)](https://travis-ci.org/ProgVal/Limnoria.png?branch=testing)](https://travis-ci.org/ProgVal/Limnoria)
Limnoria supports CPython 2.6, 2.7, 3.2, 3.3, 3.4, 3.5, nightly; Limnoria supports CPython 2.6, 2.7, 3.2, 3.3, 3.4, 3.5, nightly;
and Pypy 2 and 3. It works best with CPython 3.3 and higher. and Pypy 2 and 3. It works best with CPython 3.4 and higher.
Python 2.5 and older versions are not supported. Python 2.5 and older versions are not supported.
# Support # Support


@ -663,7 +663,7 @@ class Channel(callbacks.Plugin):
@internationalizeDocstring @internationalizeDocstring
def remove(self, irc, msg, args, channel, banmask): def remove(self, irc, msg, args, channel, banmask):
"""[<channel>] <hostmask> """[<channel>] <nick|hostmask>
If you have the #channel,op capability, this will remove the If you have the #channel,op capability, this will remove the
persistent ignore on <hostmask> in the channel. <channel> is only persistent ignore on <hostmask> in the channel. <channel> is only
@ -676,7 +676,7 @@ class Channel(callbacks.Plugin):
irc.replySuccess() irc.replySuccess()
except KeyError: except KeyError:
irc.error(_('There are no ignores for that hostmask.')) irc.error(_('There are no ignores for that hostmask.'))
remove = wrap(remove, ['op', 'hostmask']) remove = wrap(remove, ['op', 'banmask'])
@internationalizeDocstring @internationalizeDocstring
def list(self, irc, msg, args, channel): def list(self, irc, msg, args, channel):
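Review bot: The usage line of `remove` now reads `[<channel>] <nick|hostmask>`, but the docstring body still describes only the "persistent ignore on <hostmask>" and the error string still says "that hostmask", so the help does not explain what happens when a nick is given. With the converter switched to `'banmask'`, the body should use `<nick|hostmask>` and add a sentence saying that a nick is resolved to a mask before the lookup. If the resolved mask can differ from the one stored when the ignore was added, the `KeyError` branch will report that no ignore exists; this is worth confirming against the `banmask` converter, which is not visible here. The docstring and the function body continue outside the hunks shown.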


@ -237,10 +237,13 @@ setup(
) )
if sys.version_info < (2, 7, 9): if sys.version_info < (2, 7, 9):
sys.stderr.write('+------------------------------------------------+\n') sys.stderr.write('+-----------------------------------------------------+\n')
sys.stderr.write('| Running Limnoria on Python versions older than |\n') sys.stderr.write('| Running Limnoria on Python versions older than |\n')
sys.stderr.write('| 2.7.9 is deprecated. |\n') sys.stderr.write('| 2.7.9 is deprecated. |\n')
sys.stderr.write('| Please consider upgrading to Python 3.x. |\n') sys.stderr.write('| Please consider upgrading to Python 3.4 or greater. |\n')
sys.stderr.write('+------------------------------------------------+\n') sys.stderr.write('+-----------------------------------------------------+\n')
sys.stderr.write('\n')
sys.stderr.write('See <http://doc.supybot.aperio.fr/en/latest/use/faq.html#how-to-make-limnoria-use-python-3-instead-of-python-2>\n')
sys.stderr.write('\n')
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79: # vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:


@ -210,7 +210,7 @@ class VersionIfEmpty(registry.String):
def __call__(self): def __call__(self):
ret = registry.String.__call__(self) ret = registry.String.__call__(self)
if not ret: if not ret:
ret = 'Supybot %s' % version ret = 'Limnoria %s' % version
return ret return ret
registerGlobalValue(supybot, 'user', registerGlobalValue(supybot, 'user',
@ -329,6 +329,9 @@ def registerNetwork(name, password='', ssl=True, sasl_username='',
of fingerprints of trusted certificates for this network. of fingerprints of trusted certificates for this network.
If non-empty, Certification Authority signatures will not be used to If non-empty, Certification Authority signatures will not be used to
verify certificates."""))) verify certificates.""")))
registerGlobalValue(network.ssl, 'authorityCertificate',
registry.String('', _("""A certificate that is trusted to verify
certificates of this network (aka. Certificate Authority).""")))
registerGlobalValue(network, 'requireStarttls', registry.Boolean(False, registerGlobalValue(network, 'requireStarttls', registry.Boolean(False,
_("""Determines whether the bot will connect in plain text to %s _("""Determines whether the bot will connect in plain text to %s
but require STARTTLS before authentication. This is ignored if the but require STARTTLS before authentication. This is ignored if the
@ -1176,10 +1179,8 @@ utils.web.proxy = supybot.protocols.http.proxy
registerGroup(supybot.protocols, 'ssl') registerGroup(supybot.protocols, 'ssl')
registerGlobalValue(supybot.protocols.ssl, 'verifyCertificates', registerGlobalValue(supybot.protocols.ssl, 'verifyCertificates',
registry.Boolean(False, _("""Determines whether server certificates registry.Boolean(False, _("""Determines whether server certificates
will be verified. Valid values are "required", "optional", and "none". will be verified, which checks whether the server certificate is signed
The default and recommended setting is "required", which checks the by a known certificate authority, and aborts the connection if it is not.""")))
server certificate is signed by a known Certificate Authority, and
aborts the connection if it is not.""")))
### ###
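Review bot: The help text for the new `authorityCertificate` value calls it "a certificate", but the value is passed to `ssl_wrap_socket` as `ca_file` and on to `load_verify_locations(cafile=...)`, so the user has to supply a filesystem path to a CA certificate file. Suggested wording: `"""Path to a PEM file with the Certificate Authority certificate(s) trusted to verify this network's server certificate. Only used when supybot.protocols.ssl.verifyCertificates is True and serverFingerprints is empty."""`. The second sentence matters because `verifyCertificates` is registered as `registry.Boolean(False, ...)`, and with verification off or fingerprints set the wrapper switches the context to `CERT_NONE`. Setting this option alone therefore does not give a verified connection, and the help should say so.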


@ -373,8 +373,11 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
certfile=certfile, certfile=certfile,
verify=verifyCertificates, verify=verifyCertificates,
trusted_fingerprints=network_config.ssl.serverFingerprints(), trusted_fingerprints=network_config.ssl.serverFingerprints(),
ca_file=network_config.ssl.authorityCertificate(),
) )
except ssl.CertificateError as e: except getattr(ssl, 'CertificateError', None) as e:
# Default to None for old Python version, which do not have
# CertificateError
drivers.log.error(('Certificate validation failed when ' drivers.log.error(('Certificate validation failed when '
'connecting to %s: %s\n' 'connecting to %s: %s\n'
'This means either someone is doing a man-in-the-middle ' 'This means either someone is doing a man-in-the-middle '
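Review bot: `except getattr(ssl, 'CertificateError', None) as e:` depends on `None` being tolerated as an except target, which holds on Python 2 but raises `TypeError` on Python 3 as soon as an exception reaches the clause. It works today only because every interpreter lacking `ssl.CertificateError` is a Python 2 one. An empty tuple is the portable way to say "catch nothing": `except getattr(ssl, 'CertificateError', ()) as e:`. The accompanying comment could then read `# Old Python versions have no CertificateError; an empty tuple matches no exception`. The enclosing `try` starts above the hunk and the log call continues below it.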


@ -144,13 +144,15 @@ def check_certificate_fingerprint(conn, trusted_fingerprints):
if hasattr(ssl, 'create_default_context'): if hasattr(ssl, 'create_default_context'):
def ssl_wrap_socket(conn, hostname, logger, certfile=None, def ssl_wrap_socket(conn, hostname, logger, certfile=None,
trusted_fingerprints=None, verify=True, trusted_fingerprints=None, verify=True, ca_file=None,
**kwargs): **kwargs):
context = ssl.create_default_context(**kwargs) context = ssl.create_default_context(**kwargs)
if trusted_fingerprints or not verify: if trusted_fingerprints or not verify:
# Do not use Certification Authorities # Do not use Certification Authorities
context.check_hostname = False context.check_hostname = False
context.verify_mode = ssl.CERT_NONE context.verify_mode = ssl.CERT_NONE
if ca_file:
context.load_verify_locations(cafile=ca_file)
if certfile: if certfile:
context.load_cert_chain(certfile) context.load_cert_chain(certfile)
conn = context.wrap_socket(conn, server_hostname=hostname) conn = context.wrap_socket(conn, server_hostname=hostname)
@ -160,18 +162,18 @@ if hasattr(ssl, 'create_default_context'):
else: else:
def ssl_wrap_socket(conn, hostname, logger, verify=True, def ssl_wrap_socket(conn, hostname, logger, verify=True,
certfile=None, certfile=None,
ca_certs=None, trusted_fingerprints=None): ca_file=None, trusted_fingerprints=None):
# TLSv1.0 is the only TLS version Python < 2.7.9 supports # TLSv1.0 is the only TLS version Python < 2.7.9 supports
# (besides SSLv2 and v3, which are known to be insecure) # (besides SSLv2 and v3, which are known to be insecure)
conn = ssl.wrap_socket(conn, certfile=certfile, ca_certs=ca_certs, conn = ssl.wrap_socket(conn, certfile=certfile, ca_certs=ca_file,
ssl_version=ssl.ssl.PROTOCOL_TLSv1, verify_mode=ssl.CERT_NONE) ssl_version=ssl.PROTOCOL_TLSv1)
if trusted_fingerprints: if trusted_fingerprints:
check_certificate_fingerprint(conn, trusted_fingerprints) check_certificate_fingerprint(conn, trusted_fingerprints)
elif verify: elif verify:
logger.critical('This Python version does not support SSL/TLS ' logger.critical('This Python version does not support SSL/TLS '
'certification authority verification, which makes your ' 'certification authority verification, which makes your '
'connection vulnerable to man-in-the-middle attacks.' 'connection vulnerable to man-in-the-middle attacks.'
'You should consider upgrading to Python 3 ' 'You should consider upgrading to Python 3.4 or newer. '
'(or at least 2.7.9).') 'See <http://doc.supybot.aperio.fr/en/latest/use/faq.html#how-to-make-limnoria-use-python-3-instead-of-python-2>')
return conn return conn
# vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79: # vim:set shiftwidth=4 softtabstop=4 expandtab textwidth=79:
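Review bot: In the fallback `ssl_wrap_socket` (the `else:` branch for interpreters without `ssl.create_default_context`), `ca_file` is passed as `ca_certs` but no `cert_reqs` is given, so `ssl.wrap_socket` keeps its default of `ssl.CERT_NONE` and the configured authority certificate is never used to validate the peer. A user who sets `authorityCertificate` on such a Python gets an unverified connection and only the generic critical log from the `elif verify:` branch. Either validate the chain when a CA file is supplied, e.g. `cert_reqs=ssl.CERT_REQUIRED if (verify and ca_file and not trusted_fingerprints) else ssl.CERT_NONE`, or log explicitly that `ca_file` is ignored on this path; hostname matching would still be absent here and the message should say so. In the first branch, `load_verify_locations(cafile=ca_file)` appears to add to the default trust store built by `create_default_context` rather than replace it (unless `**kwargs` supplies its own CA source), which is worth stating if operators expect trust to be limited to that one authority.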