Commit Graph

101 Commits

Author SHA1 Message Date
Valentin Lorentz
3bedc86479 Socket: Disable resolution when using a SOCKS proxy
1. Avoids leaking DNS queries
2. necessary for onion services
2021-05-27 00:08:02 +02:00
Valentin Lorentz
cca1156b90 drivers: Log SOCKS proxy on connecting 2021-05-26 23:43:23 +02:00
Valentin Lorentz
9323302704 Socket: Recover from socks.GeneralProxyError exceptions. 2021-04-05 13:41:29 +02:00
Valentin Lorentz
772ec8d6a9 When getting STS policy over insecure connection, reuse the exact same IP address
Otherwise, if some IP addresses don't work (eg. all odd ones), the bot will
consecutively fail because it can't connect, then connect + get STS + reconnect,
then fail again, then connect + get STS, etc.
2021-01-11 23:22:21 +01:00
Valentin Lorentz
ba77de0946 Try all IP addresses of a hostname.
Fixes a regression in ecc2c32950 that caused
Socket.py to ignore the IP address entirely after computing it, and
to call getSocket() and connect() with the hostname instead.
2020-12-05 14:26:52 +01:00
Valentin Lorentz
277cbb6589 Socket: Add missing self argument to setTimeout. 2020-05-30 21:54:24 +02:00
Valentin Lorentz
2bcdfd069a Socket: Detect closed TCP connections.
So far Limnoria relied on detecting 'ERROR :closing link' (see doError
in src/irclib.py), but that's not a standard at all, and fails on
Oragono; so we need to do this to check we're disconnected.

Plus, parsing the argument of ERROR is awful in the first place.
2020-05-29 19:50:43 +02:00
Valentin Lorentz
d9b1d1f49d Socket: make setTimeout catch errors.
setTimeout may be called as a supybot.drivers.poll callback,
which may by the access to supybot.drivers.poll() in _select;
so a crash in setTimeout will propage up to _run(), which would
cause a random driver to be killed because another one failed
and that's bad.

For example:

INFO 2020-05-27T18:40:18 supybot Received SIGHUP, reloading configuration.
ERROR 2020-05-27T18:40:19 supybot Uncaught exception in in drivers.run:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/supybot/drivers/__init__.py", line 104, in run
    driver.run()
  File "/usr/lib/python3/dist-packages/supybot/drivers/Socket.py", line 194, in run
    self._select()
  File "/usr/lib/python3/dist-packages/supybot/drivers/Socket.py", line 167, in _select
    [], [], conf.supybot.drivers.poll())
  File "/usr/lib/python3/dist-packages/supybot/registry.py", line 422, in __call__
    self.set(_cache[self._name])
  File "/usr/lib/python3/dist-packages/supybot/registry.py", line 476, in set
    self.setValue(float(s))
  File "/usr/lib/python3/dist-packages/supybot/registry.py", line 495, in setValue
    super(PositiveFloat, self).setValue(v)
  File "/usr/lib/python3/dist-packages/supybot/registry.py", line 482, in setValue
    super(Float, self).setValue(float(v))
  File "/usr/lib/python3/dist-packages/supybot/registry.py", line 385, in setValue
    callback(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/supybot/drivers/Socket.py", line 305, in setTimeout
    self.conn.settimeout(conf.supybot.drivers.poll())
OSError: [Errno 9] Bad file descriptor
ERROR 2020-05-27T18:40:19 supybot Exception id: 0x86ecf
INFO 2020-05-27T18:40:21 supybot Removing driver SocketDriver(Irc object for irchaven).
2020-05-29 19:50:28 +02:00
Valentin Lorentz
fabe8a284e Socket: de-register setTimeout from supybot.drivers.poll's callbacks when dying. 2020-05-29 19:42:42 +02:00
Valentin Lorentz
88549f9faa Socket: Move call to supybot.drivers.poll outside the critical section.
It may do some non-trivial stuff (eg. calling registry callbacks);
and the less code in the locked-section the better.
2020-05-29 19:41:25 +02:00
Valentin Lorentz
f9bf75aeee net: Give more context to TLS errors.
They are notoriously hard to read, so let's at least say which
part of ssl_wrap_socket triggered them so the user have some
idea what is going on.
2020-05-26 23:06:39 +02:00
Valentin Lorentz
d56e8ef73d Socket: Remove misleading error fallback for Python <3.4.
We no longer support this Python version.

Fixes GH-1412.
2020-05-26 23:01:10 +02:00
Valentin Lorentz
22120ee862 Fix various issues with STS handling. 2020-05-01 19:46:19 +02:00
Valentin Lorentz
51ff013fcc Apply STS policies when connecting to a server. 2020-05-01 19:46:19 +02:00
Valentin Lorentz
ecc2c32950 Add support for storing STS policies.
If on an insecure connection: reconnect.
If on a secure connect: store it and do nothing else.

For now, stored STS policies are not read when connecting to an
insecure server.
2020-05-01 19:46:19 +02:00
Valentin Lorentz
ff5edd95a3 Remove Twisted.
There's no reason to use it anymore instead of Socket.
It's already missing features compared to Socket, and I don't want to
maintain it anymore so it will keep getting worse.
2020-05-01 19:46:19 +02:00
Valentin Lorentz
3576503e3f Update links to the documentation. 2020-03-17 19:22:52 +01:00
Valentin Lorentz
5efd2afa27 Socket: Don't add instances twice in cls._instances.
The connect() method already adds it, so it was in the list twice
(added both by __init__() and connect()).

This caused _select() to call _read() twice on the same instance,
except there is usually nothing to read on the second call,
so it blocks for up to conf.supybot.drivers.poll().
2020-01-25 21:00:42 +01:00
Valentin Lorentz
777d8e4920 Socket: use a proper lock instead of a boolean. 2020-01-23 16:47:49 +01:00
Valentin Lorentz
11dd5049fe Fix MITM warning. 2018-10-06 08:13:10 +02:00
James Lu
c5175110e0 Socket: fix 91a38887a with backported ipaddress on Python 2
Closes GH-1342.
2018-07-09 03:37:10 +00:00
James Lu
72c4801bb9 Socket: fix previous commit 2018-06-19 12:13:45 -07:00
James Lu
91a38887a2 Socket: suppress "not using TLS" errors on loopback addresses
This is a refined version of #1317.
2018-06-19 11:59:42 -07:00
James Lu
afc8d828b2 Merge remote-tracking branch 'origin/patch-1' into drivers/logging
Conflicts:
	src/drivers/Socket.py
2016-02-24 07:07:29 -08:00
Valentin Lorentz
d163d1a1a3 Add support for authority certificates. 2016-02-23 20:52:36 +01:00
James Lu
b344126318 Socket: update logging text to flow better 2016-02-23 07:29:16 -08:00
Valentin Lorentz
78cf550674 Socket: fix crash on Python versions that do no support certificate validation. 2016-02-23 16:25:37 +01:00
James Lu
aee7ac3583 Socket: drop SSL-related logging from critical to warning / error, and fix spacing 2016-02-22 07:09:56 -08:00
Valentin Lorentz
a7096f8b3e Disable SSL cert verification by default.
Having it enabled by default would break existing bots just by
doing the update.
Let's just show a warning and give owners some time to update
their config, for the moment.
2016-02-21 14:47:44 +01:00
Valentin Lorentz
ae560dbd2a Add supybot.protocols.ssl.verifyCertificates.
And remove unused variable supybot.protocols.ssl.verifyMode.
2016-02-21 14:42:41 +01:00
Valentin Lorentz
e77e78e79e Add support for using server certificate fingerprint instead of CA signature. 2016-02-21 14:18:14 +01:00
Valentin Lorentz
d922af1043 Verify server certificate, and deprecate Python < 2.7.9. Closes GH-1031. 2016-02-21 13:20:09 +01:00
Valentin Lorentz
10522857b1 Fix activation of SSL for connections using SOCKS. 2015-12-18 20:33:36 +01:00
Valentin Lorentz
4b1c766b42 Add support for STARTTLS (not tested). 2015-12-12 16:40:48 +01:00
Valentin Lorentz
912d2e1538 core: Apply some suggestions of pyflakes. 2015-08-31 18:19:22 +02:00
Valentin Lorentz
c01a956a8b utils: Remove dependency on parent package. 2015-08-30 17:33:39 +02:00
Valentin Lorentz
c3a2c800f1 Remove need for 2to3. 2015-08-11 16:50:23 +02:00
Valentin Lorentz
216c5d213f Replace sys.version_info[0] usages with minisix.PY{2,3}. 2015-08-09 00:23:03 +02:00
Valentin Lorentz
eca7a036aa Socket: Move line decoding to utils.str. 2015-05-16 00:30:20 +02:00
Valentin Lorentz
537f9b3461 Socket: catch connection errors. 2014-08-30 12:11:00 +02:00
nyuszika7h
fa06f2af34 Add protocols.irc.certfile
Fixes #612.
2014-06-04 19:12:56 +02:00
Valentin Lorentz
dcb25db6e5 Add support for SRV records in domain name resolution. 2014-03-01 09:22:14 +01:00
Valentin Lorentz
108b0de0d1 Add support of IP-binding in non-IRC connections. 2014-03-01 09:06:21 +01:00
Valentin Lorentz
1fbdedc7e0 Continue accelerating the 2to3 step (remove fix_funcattrs, fix_itertools, and fix_itertools_imports). 2014-01-21 10:50:55 +01:00
Valentin Lorentz
bb7db3ab21 Continue accelerating the 2to3 step (remove fix_except). 2014-01-20 15:49:15 +01:00
Valentin Lorentz
4652c9ce51 Start accelerating the 2to3 step (remove fix_apply, fix_buffer, fix_callable, fix_exec, fix_execfile, fix_exitfunc, fix_filter, fix_funcattrs, fix_future, fix_getcwdu, and fix_has_key). 2014-01-20 14:49:47 +01:00
Valentin Lorentz
0ecdb87aef Fix crash in sending queued messages if SocketDriver.irc is None. 2013-12-27 13:15:45 +00:00
Valentin Lorentz
c774013e1f Socket: Only call self.irc.feedMsg if self.irc is not None (ie. a reconnect is not in progress). 2013-12-05 12:37:00 +00:00
Valentin Lorentz
583b1baf64 Socket: Fix commit 4c24f30. 2013-12-03 05:44:50 +00:00
Valentin Lorentz
9a83b741ea Socket: Only display the missing cert file warning if a cert file path is given. 2013-11-27 16:44:15 +00:00