3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-01 01:09:22 +01:00

Irc: make certfile/keyfile optional

This was never required for S2S links to work... Why did I think that?
This commit is contained in:
James Lu 2016-07-28 22:49:05 -07:00
parent f4922743fc
commit 13c0e50358
2 changed files with 10 additions and 12 deletions

View File

@ -204,15 +204,15 @@ class Irc():
log.info('(%s) Attempting SSL for this connection...', self.name) log.info('(%s) Attempting SSL for this connection...', self.name)
certfile = self.serverdata.get('ssl_certfile') certfile = self.serverdata.get('ssl_certfile')
keyfile = self.serverdata.get('ssl_keyfile') keyfile = self.serverdata.get('ssl_keyfile')
if certfile and keyfile:
try:
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23) context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
# Disable SSLv2 and SSLv3 - these are insecure # Disable SSLv2 and SSLv3 - these are insecure
context.options |= ssl.OP_NO_SSLv2 context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3 context.options |= ssl.OP_NO_SSLv3
context.load_cert_chain(certfile, keyfile)
self.socket = context.wrap_socket(self.socket)
if certfile and keyfile:
try:
context.load_cert_chain(certfile, keyfile)
except OSError: except OSError:
log.exception('(%s) Caught OSError trying to ' log.exception('(%s) Caught OSError trying to '
'initialize the SSL connection; ' 'initialize the SSL connection; '
@ -220,10 +220,8 @@ class Irc():
'"ssl_keyfile" set correctly?', '"ssl_keyfile" set correctly?',
self.name) self.name)
checks_ok = False checks_ok = False
else: # SSL was misconfigured, abort.
log.error('(%s) SSL certfile/keyfile was not set ' self.socket = context.wrap_socket(self.socket)
'correctly, aborting... ', self.name)
checks_ok = False
log.info("Connecting to network %r on %s:%s", self.name, ip, port) log.info("Connecting to network %r on %s:%s", self.name, ip, port)
self.socket.connect((ip, port)) self.socket.connect((ip, port))

View File

@ -114,10 +114,10 @@ servers:
# cause netsplits! This defaults to 30 if not set. # cause netsplits! This defaults to 30 if not set.
maxnicklen: 30 maxnicklen: 30
# Toggles SSL for this network. Defaults to false if not specified, and # Toggles SSL for this network. Defaults to False if not specified.
# requires the ssl_certfile and ssl_keyfile options to work.
#ssl: true #ssl: true
# Optional SSL cert/key to pass to the uplink server.
#ssl_certfile: pylink-cert.pem #ssl_certfile: pylink-cert.pem
#ssl_keyfile: pylink-key.pem #ssl_keyfile: pylink-key.pem