This applies the following for both WebUI and Daemon:
1. Raised minimal TLS version to TLSv1.2
2. Added specific cipher suite list
3. Added support for ECDSA auth keys
4. Added support for ECDHE key exchange algorithm
We disabled the ability to perform TLS/SSL renegotiation and therefore
will prevent the clients from renegotiating, which can be exploit for
DoS attacks.
New security tests now will be skipped when running `pydef` and `trial`
testenvs. To run the test, use the testenv `security` or add the environment
variable `SECURITY_TESTS` before running the tests. Also should only run when
adding to the commit message the string `SECURITY_TEST`.
Likely that the deprecation warning from cryptography is causing the
setup.py sphinx build command to return an error so the tox/travis job
is marked as failing. Changing to calling the sphinx-build command
directly solves this.
Also updated the sphinx config for built-in napoleon and faster builds
using jobs option.
Some new flake8 checkers were added so fix these new warnings and
any issues uncovered.
Use add-trailing-comma to fix missing trailing commas. It does not
format it as well as I would like however it was fast to change and
helps with git changes in future.
Removed pylint from tox due to large number of warnings.
The use of `{env:PWD}` is not available on Windows so switch to
`{toxworkdir}` which is the directory where virtual environments
are created and sub directories for packaging reside.
Config values are either wrong, unused or default is better.
Disable logging of deluge log output in testing.
Newer versions of pytest now use `pytest` cmd so rename.
* There is a problem with Twisted 17 and the setup for travis and tox
using site-packages with an old openssh package.
AttributeError: 'module' object has no attribute 'OP_NO_TLSv1_1'
* The simplest workaround for now is to pin Twisted to 16.6.
* To help user's encountering a blank web page, log warnings if script
files for a selected mode are missing and attempt to fallback to a working mode.
* There is no logging for dev version detection to prevent spamming output.
* Add slimit dependency to tox
This should fix problems with errors occuring when failing to
enable plugins. Errors in plugin handling are handled better
and properly logged.
WebUI plugin in particular had issues when being enabled and disabled
multiple times because it was trying to create DelugeWeb component
each time it was enabled. If deluge-web is already listening on
the same port, enabling the WebUI plugin will fail, and the checkbox
will not be checked.
There are still some issues when enabling/disabling plugins by
clicking fast multiple times on the checkbox.
* Further whitespace fixes by autopep8
* Using pep8 v1.6.2 (not currently used by pyflakes)
* Update config for pep8 and flake8 in tox.ini
* A separate pep8 entry for running autopep8. The ignores prevent
blank lines being added after docstrings.
* .tox and E133 are ignored in flake8 by default.