charybdis-ircd / charybdis

Scalable IRCv3.2 server for large, community-oriented networks
GNU General Public License v2.0

m_webirc: improve TLS handling #293

Closed by edk0 4 years ago

edk0 commented 4 years ago

Enforce `need_ssl` if present on the webirc auth block.

Allow the client to gain +Z upon registration only if the WEBIRC message comes with the `secure` option from IRCv3. If the option is present but the connection is plaintext, send a helpful warning.

This could be seen as a regression, since web IRC gateways that don't send `secure` can't get +Z any more. I think this is technically correct—there was no way for such gateways to distinguish TLS connections, so we should assume the scarier possibility—but I'm happy to do something if there are sensible configurations that rely on the existing behaviour.
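The decision rules described in the pull request above, written out as an added C example; this is not code from the pull request or from charybdis. The enum and function names are hypothetical, and it assumes that "the connection" in the description means the gateway's own link to the server, so that +Z requires both the `secure` flag and a TLS gateway link.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Outcomes of this model; the names are hypothetical, not charybdis identifiers. */
enum webirc_result { WEBIRC_REJECT, WEBIRC_PLAIN, WEBIRC_PLAIN_WARN, WEBIRC_SECURE };

/* True if the space-separated WEBIRC options contain the exact flag "secure".
 * Tokens are compared whole, so "insecure" or "secure=1" never match. */
static bool options_have_secure(const char *options)
{
    const char *p = options;
    while (p != NULL && *p != '\0') {
        size_t len = strcspn(p, " ");      /* length of the current token */
        if (len == 6 && memcmp(p, "secure", 6) == 0)
            return true;
        p += len;
        p += strspn(p, " ");               /* skip the separator run */
    }
    return false;
}

/* gateway_tls: the gateway's own connection to the server uses TLS (assumption above).
 * need_ssl:    the matched webirc auth block carries need_ssl.
 * options:     trailing WEBIRC parameter, or NULL if the gateway sent none. */
enum webirc_result webirc_decide(bool gateway_tls, bool need_ssl, const char *options)
{
    if (need_ssl && !gateway_tls)
        return WEBIRC_REJECT;       /* need_ssl on the auth block is enforced */
    if (!options_have_secure(options))
        return WEBIRC_PLAIN;        /* no secure flag: treat the user as plaintext, no +Z */
    if (!gateway_tls)
        return WEBIRC_PLAIN_WARN;   /* secure claimed over a plaintext link: warn, no +Z */
    return WEBIRC_SECURE;           /* user may gain +Z at registration */
}
```

The `WEBIRC_PLAIN` branch is the regression the description mentions: a gateway that never sends `secure` ends up there even when every hop is TLS.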