* ircutils: Fix incorrect log message on invalid STS policy
* STS: fix confusion over what a secure connection is
irclib computed 'secure_connection' when TLS is enabled and TLS certs
are checked; but ircutils used the value to parse STS policies, which
should only care about being TLS or not.
This commit fixes the incorrect parsing on unchecked-TLS, and triggers
a reconnect when a STS policy is encountered in this case, to force
TLS certs to be checked before storing the policy.
* Accept STS policies when reconnecting after getting it over cleartext
ircutils.parseStsPolicy() was passed self.driver.ssl which is the configured
value, even though the connection was forced to be TLS temporarily
* ci: Lower timeout
* Fix typo in test name
Co-authored-by: James Lu <james@overdrivenetworks.com>
---------
Co-authored-by: James Lu <james@overdrivenetworks.com>
nickFromHostmask now (legitimately) complains when it's getting @ or !
at the beginning of a hostmask; so we need to strip them before passing
it to nickFromHostmask.
Then re-add them before calling c.addUser, because it uses them to
sort users in the right sets (ops/halfops/voices).
Additionally, this commit replaces the hardcoded set of prefix chars
(`@%+&~!`) with the one advertised in ISUPPORT when possible.
Otherwise, if some IP addresses don't work (eg. all odd ones), the bot will
consecutively fail because it can't connect, then connect + get STS + reconnect,
then fail again, then connect + get STS, etc.
echo-message ended up in self.state.capabilities_req even though it wasn't
requested, so the bot was stuck in state:
"Waiting for ACK/NAK of capabilities: {'echo-message'}".
Plugin can opt in to getting echo messages by setting the class attribute
'echo_message = True' if they want to get echos.
This defaults to False in order not to break existing plugins, and because
they usually don't need it (there's outFilter for most cases).
If on an insecure connection: reconnect.
If on a secure connect: store it and do nothing else.
For now, stored STS policies are not read when connecting to an
insecure server.
It's nicer to use 'irc.channel' instead of 'irc.args[0]', and .channel
provides the actual channel name (stripped of the statusmsg prefix),
so it can be used by plugins when they want to use the actual channel
name.
