mirror of
https://github.com/jlu5/PyLink.git
synced 2024-11-24 03:29:28 +01:00
Irc: make certfile/keyfile optional
This was never required for S2S links to work... Why did I think that?
This commit is contained in:
parent
f4922743fc
commit
13c0e50358
18
classes.py
18
classes.py
@ -204,15 +204,15 @@ class Irc():
|
|||||||
log.info('(%s) Attempting SSL for this connection...', self.name)
|
log.info('(%s) Attempting SSL for this connection...', self.name)
|
||||||
certfile = self.serverdata.get('ssl_certfile')
|
certfile = self.serverdata.get('ssl_certfile')
|
||||||
keyfile = self.serverdata.get('ssl_keyfile')
|
keyfile = self.serverdata.get('ssl_keyfile')
|
||||||
|
|
||||||
|
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
||||||
|
# Disable SSLv2 and SSLv3 - these are insecure
|
||||||
|
context.options |= ssl.OP_NO_SSLv2
|
||||||
|
context.options |= ssl.OP_NO_SSLv3
|
||||||
|
|
||||||
if certfile and keyfile:
|
if certfile and keyfile:
|
||||||
try:
|
try:
|
||||||
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
|
|
||||||
# Disable SSLv2 and SSLv3 - these are insecure
|
|
||||||
context.options |= ssl.OP_NO_SSLv2
|
|
||||||
context.options |= ssl.OP_NO_SSLv3
|
|
||||||
context.load_cert_chain(certfile, keyfile)
|
context.load_cert_chain(certfile, keyfile)
|
||||||
self.socket = context.wrap_socket(self.socket)
|
|
||||||
|
|
||||||
except OSError:
|
except OSError:
|
||||||
log.exception('(%s) Caught OSError trying to '
|
log.exception('(%s) Caught OSError trying to '
|
||||||
'initialize the SSL connection; '
|
'initialize the SSL connection; '
|
||||||
@ -220,10 +220,8 @@ class Irc():
|
|||||||
'"ssl_keyfile" set correctly?',
|
'"ssl_keyfile" set correctly?',
|
||||||
self.name)
|
self.name)
|
||||||
checks_ok = False
|
checks_ok = False
|
||||||
else: # SSL was misconfigured, abort.
|
|
||||||
log.error('(%s) SSL certfile/keyfile was not set '
|
self.socket = context.wrap_socket(self.socket)
|
||||||
'correctly, aborting... ', self.name)
|
|
||||||
checks_ok = False
|
|
||||||
|
|
||||||
log.info("Connecting to network %r on %s:%s", self.name, ip, port)
|
log.info("Connecting to network %r on %s:%s", self.name, ip, port)
|
||||||
self.socket.connect((ip, port))
|
self.socket.connect((ip, port))
|
||||||
|
@ -114,10 +114,10 @@ servers:
|
|||||||
# cause netsplits! This defaults to 30 if not set.
|
# cause netsplits! This defaults to 30 if not set.
|
||||||
maxnicklen: 30
|
maxnicklen: 30
|
||||||
|
|
||||||
# Toggles SSL for this network. Defaults to false if not specified, and
|
# Toggles SSL for this network. Defaults to False if not specified.
|
||||||
# requires the ssl_certfile and ssl_keyfile options to work.
|
|
||||||
#ssl: true
|
#ssl: true
|
||||||
|
|
||||||
|
# Optional SSL cert/key to pass to the uplink server.
|
||||||
#ssl_certfile: pylink-cert.pem
|
#ssl_certfile: pylink-cert.pem
|
||||||
#ssl_keyfile: pylink-key.pem
|
#ssl_keyfile: pylink-key.pem
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user