Enforce need_ssl if present on the webirc auth block.
Allow the client to gain +Z upon registration only if the WEBIRC message comes with the secure option from IRCv3. If the option is present but the connection is plaintext, send a helpful warning.
This could be seen as a regression, since web IRC gateways that don't send secure can't get +Z any more. I think this is technically correct—there was no way for such gateways to distinguish TLS connections, so we should assume the scarier possibility—but I'm happy to do something if there are sensible configurations that rely on the existing behaviour.
Enforce
need_ssl
if present on the webirc auth block.Allow the client to gain +Z upon registration only if the WEBIRC message comes with the
secure
option from IRCv3. If the option is present but the connection is plaintext, send a helpful warning.This could be seen as a regression, since web IRC gateways that don't send
secure
can't get +Z any more. I think this is technically correct—there was no way for such gateways to distinguish TLS connections, so we should assume the scarier possibility—but I'm happy to do something if there are sensible configurations that rely on the existing behaviour.