3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-01 01:09:22 +01:00

Add SSL linking support (#80)

TODO: implement fingerprint checking (optional) and a genssl script to ease SSL certificate generation.
This commit is contained in:
James Lu 2015-08-10 20:24:55 -07:00
parent cdb0bb6707
commit 18cd3bdd88
2 changed files with 22 additions and 3 deletions

View File

@ -53,6 +53,12 @@ servers:
# PyLink might introduce a nick that is too long and cause netsplits!
maxnicklen: 30
# Toggles SSL for this network. Defaults to false if not specified, and requires the
# ssl_certfile and ssl_keyfile options to work.
# ssl: true
# ssl_certfile: pylink-cert.pem
# ssl_keyfile: pylink-key.pem
ts6net:
ip: 127.0.0.1
port: 7000

19
main.py
View File

@ -7,6 +7,7 @@ import time
import sys
from collections import defaultdict
import threading
import ssl
from log import log
import conf
@ -73,13 +74,25 @@ class Irc():
ip = self.serverdata["ip"]
port = self.serverdata["port"]
while True:
log.info("Connecting to network %r on %s:%s", self.name, ip, port)
self.initVars()
try:
self.socket = socket.socket()
self.socket.setblocking(0)
# Initial connection timeout is a lot smaller than the timeout after
# we've connected; this is intentional.
self.socket = socket.create_connection((ip, port), timeout=self.pingfreq)
self.socket.setblocking(0)
self.socket.settimeout(self.pingfreq)
if self.serverdata.get('ssl'):
log.info('(%s) Attempting SSL for this connection...', self.name)
certfile = self.serverdata.get('ssl_certfile')
keyfile = self.serverdata.get('ssl_keyfile')
if certfile and keyfile:
self.socket = ssl.wrap_socket(self.socket, certfile=certfile, keyfile=keyfile)
else:
log.warning('(%s) SSL certfile/keyfile was not set correctly. '
'SSL will be disabled for this connection.', self.name)
log.info("Connecting to network %r on %s:%s", self.name, ip, port)
self.socket.connect((ip, port))
self.socket.settimeout(self.pingtimeout)
self.proto.connect(self)
self.spawnMain()