Limnoria/.github
Val Lorentz 2902a85dbd
Fix STS parsing and handling of unchecked-TLS connections (#1524)
* ircutils: Fix incorrect log message on invalid STS policy

* STS: fix confusion over what a secure connection is

irclib computed 'secure_connection' when TLS is enabled and TLS certs
are checked; but ircutils used the value to parse STS policies, which
should only care about being TLS or not.

This commit fixes the incorrect parsing on unchecked-TLS, and triggers
a reconnect when a STS policy is encountered in this case, to force
TLS certs to be checked before storing the policy.

* Accept STS policies when reconnecting after getting it over cleartext

ircutils.parseStsPolicy() was passed self.driver.ssl which is the configured
value, even though the connection was forced to be TLS temporarily

* ci: Lower timeout

* Fix typo in test name

Co-authored-by: James Lu <james@overdrivenetworks.com>

---------

Co-authored-by: James Lu <james@overdrivenetworks.com>
2023-06-10 08:28:08 +02:00
..
workflows Fix STS parsing and handling of unchecked-TLS connections (#1524) 2023-06-10 08:28:08 +02:00