From 13c0e5035898df2dfab5a917c84ef8f46736c015 Mon Sep 17 00:00:00 2001
From: James Lu
Date: Thu, 28 Jul 2016 22:49:05 -0700
Subject: [PATCH] Irc: make certfile/keyfile optional

This was never required for S2S links to work... Why did I think that?
---
 classes.py | 18 ++++++++----------
 example-conf.yml | 4 ++--
 2 files changed, 10 insertions(+), 12 deletions(-)

diff --git a/classes.py b/classes.py
index 69ed13b..a23036b 100644
--- a/classes.py
+++ b/classes.py
@@ -204,15 +204,15 @@ class Irc():
 log.info('(%s) Attempting SSL for this connection...', self.name)
 certfile = self.serverdata.get('ssl_certfile')
 keyfile = self.serverdata.get('ssl_keyfile')
+
+ context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
+ # Disable SSLv2 and SSLv3 - these are insecure
+ context.options |= ssl.OP_NO_SSLv2
+ context.options |= ssl.OP_NO_SSLv3
+
 if certfile and keyfile:
 try:
- context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
- # Disable SSLv2 and SSLv3 - these are insecure
- context.options |= ssl.OP_NO_SSLv2
- context.options |= ssl.OP_NO_SSLv3
 context.load_cert_chain(certfile, keyfile)
- self.socket = context.wrap_socket(self.socket)
-
 except OSError:
 log.exception('(%s) Caught OSError trying to '
 'initialize the SSL connection; '
@@ -220,10 +220,8 @@ class Irc():
 '"ssl_keyfile" set correctly?', self.name)
 checks_ok = False
- else: # SSL was misconfigured, abort.
- log.error('(%s) SSL certfile/keyfile was not set '
- 'correctly, aborting... ', self.name)
- checks_ok = False
+
+ self.socket = context.wrap_socket(self.socket)
 log.info("Connecting to network %r on %s:%s", self.name, ip, port)
 self.socket.connect((ip, port))
diff --git a/example-conf.yml b/example-conf.yml
index b8444fe..dcf9ccc 100644
--- a/example-conf.yml
+++ b/example-conf.yml
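Review bot: In the first classes.py hunk, the context built with `ssl.SSLContext(ssl.PROTOCOL_SSLv23)` is now used for every SSL link, yet nothing in the hunk sets `verify_mode` or `check_hostname`. A context constructed this way keeps the default `ssl.CERT_NONE`, so the uplink's certificate is accepted without validation. Unless the peer certificate is pinned or checked later in this method (which starts and ends outside the hunk), an on-path party can terminate the TLS session and read or alter the server-to-server traffic. Where a CA-signed uplink is expected I would build the context with `ssl.create_default_context()` instead. Otherwise, add a comment above the constructor: `# NOTE: no certificate verification on this context; the uplink is unauthenticated unless its certificate is checked after connect`.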
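Review bot: In the second classes.py hunk, dropping the `else` branch means a configuration that sets only one of `ssl_certfile` / `ssl_keyfile` now connects without a client certificate and without any log line, where it previously aborted with an error. If the uplink identifies this server by its client certificate, the operator gets a failed or unauthenticated link with no hint that the cert was never loaded. I would keep the options optional but add, after the `try`/`except`, `elif certfile or keyfile:` followed by `log.warning('(%s) Only one of "ssl_certfile"/"ssl_keyfile" is set; connecting without a client certificate.', self.name)`. The `if certfile and keyfile:` this attaches to sits in the first hunk, and the enclosing method starts and ends outside both hunks.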
@@ -114,10 +114,10 @@ servers:
 # cause netsplits! This defaults to 30 if not set.
 maxnicklen: 30
- # Toggles SSL for this network. Defaults to false if not specified, and
- # requires the ssl_certfile and ssl_keyfile options to work.
+ # Toggles SSL for this network. Defaults to False if not specified.
 #ssl: true
+ # Optional SSL cert/key to pass to the uplink server.
 #ssl_certfile: pylink-cert.pem
 #ssl_keyfile: pylink-key.pem