Skip to content
Snippets Groups Projects
  1. Mar 11, 2014
    • W. Trevor King's avatar
      irkerd: Extract username and password from submitted URLs · abed95e1
      W. Trevor King authored
      And use them (when present) as the USER username [1] and server PASS
      [2] respectively.  The previous implementation gave no way to set
      PASS, which will vary on a per-target-server level.  There's unlikely
      to be much need to set per-server usernames, except collision
      avoidance (e.g. network X already has an 'irker' user).
      
      I changed the existing IRCServerConnection.connect argument from
      'ircname' to 'realname' to match the USER specs and our
      IRCServerConnection.user implementation.  The 'realname' and
      'username' arguments are currently unset, but you could add command
      line options to set irker-wide defaults, and use the kwargs chain to
      pass them down to the connect method.  The fallback logic is:
      
      * Prefer the setting listed in the URL (although you'd need to add a
        parser to extract 'realname').  If that's empty or missing, fall
        back to
      * The irker-wide default passed down the kwargs chain.  If that's
        empty or missing, fall back to
      * Local defaults ('irker' and 'irker relaying client').
      
      I also tweaked the servername and port extraction in
      Target.__init__(), because they are already parsed out of the netloc
      (along with the username and password) by urlparse().
      
      [1]: https://tools.ietf.org/html/rfc2812#section-3.1.3
      [2]: https://tools.ietf.org/html/rfc2812#section-3.1.1
      abed95e1
    • W. Trevor King's avatar
      irkerd: Initial SSL/TLS implementation · a82724f9
      W. Trevor King authored
      This is pretty basic, just using as much of Python's ssl module as the
      host Python implementation supports.  I also added error-level logging
      of IRCServerConnectionError instances, to get helpful messages like:
      
        Invalid SSL/TLS certificate:
        hostname 'localhost' doesn't match 'irc.example.net'
      
      and:
      
        Couldn't connect to socket: _ssl.c:334: No root certificates
        specified for verification of other-side certificates.
      
      Important milestones in the standard library's ssl module:
      
      * Python 2.5 [1,2]: No ssl module at all
      * Python 2.6 [1,2]: ssl module added
      * Python 3.2 [3,4]: ssl.SSLContext class added, with
        SSLContext.set_default_verify_paths [4].  ssl.match_hostname is also
        added [5], which can be used with the existing getpeercert [6] to
        ensure the server certificate belongs to the target host.
      
      So for full verification, we need Python 3.2.  We can scrape by with
      2.6 and later, by manually supplying a ca_certs path and ignoring
      hostname mismatches.  That's more succeptible to man-in-the-middle
      attacks, but still better than sending server, nick, and channel
      passwords in plaintext.
      
      [1]: http://docs.python.org/2/library/ssl.html
      [2]: http://docs.python.org/2/whatsnew/2.6.html#improved-ssl-support
      [3]: http://docs.python.org/3/whatsnew/3.2.html#ssl
      [4]: http://docs.python.org/3/library/ssl.html#ssl.SSLContext.set_default_verify_paths
      [5]: http://docs.python.org/3/library/ssl.html#ssl.match_hostname
      [6]: http://docs.python.org/2/library/ssl.html#ssl.SSLSocket.getpeercert
      a82724f9
  2. Dec 22, 2013
  3. Nov 30, 2013
  4. Nov 26, 2013
  5. Oct 20, 2013
  6. Oct 18, 2013
  7. Apr 24, 2013
  8. Apr 16, 2013
  9. Jan 25, 2013
  10. Oct 10, 2012
  11. Oct 07, 2012
  12. Oct 02, 2012
  13. Sep 30, 2012
  14. Sep 29, 2012
  15. Sep 27, 2012
  16. Sep 04, 2012
  17. Aug 31, 2012
  18. Aug 28, 2012
  19. Aug 27, 2012
Loading