3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-01 01:09:22 +01:00

Irc: make certfile/keyfile optional

This was never required for S2S links to work... Why did I think that?
This commit is contained in:
James Lu 2016-07-28 22:49:05 -07:00
parent f4922743fc
commit 13c0e50358
2 changed files with 10 additions and 12 deletions

View File

@ -204,15 +204,15 @@ class Irc():
log.info('(%s) Attempting SSL for this connection...', self.name)
certfile = self.serverdata.get('ssl_certfile')
keyfile = self.serverdata.get('ssl_keyfile')
if certfile and keyfile:
try:
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
# Disable SSLv2 and SSLv3 - these are insecure
context.options |= ssl.OP_NO_SSLv2
context.options |= ssl.OP_NO_SSLv3
context.load_cert_chain(certfile, keyfile)
self.socket = context.wrap_socket(self.socket)
if certfile and keyfile:
try:
context.load_cert_chain(certfile, keyfile)
except OSError:
log.exception('(%s) Caught OSError trying to '
'initialize the SSL connection; '
@ -220,10 +220,8 @@ class Irc():
'"ssl_keyfile" set correctly?',
self.name)
checks_ok = False
else: # SSL was misconfigured, abort.
log.error('(%s) SSL certfile/keyfile was not set '
'correctly, aborting... ', self.name)
checks_ok = False
self.socket = context.wrap_socket(self.socket)
log.info("Connecting to network %r on %s:%s", self.name, ip, port)
self.socket.connect((ip, port))

View File

@ -114,10 +114,10 @@ servers:
# cause netsplits! This defaults to 30 if not set.
maxnicklen: 30
# Toggles SSL for this network. Defaults to false if not specified, and
# requires the ssl_certfile and ssl_keyfile options to work.
# Toggles SSL for this network. Defaults to False if not specified.
#ssl: true
# Optional SSL cert/key to pass to the uplink server.
#ssl_certfile: pylink-cert.pem
#ssl_keyfile: pylink-key.pem