From 18cd3bdd88bc388a2e0151a190830635c6221927 Mon Sep 17 00:00:00 2001
From: James Lu
Date: Mon, 10 Aug 2015 20:24:55 -0700
Subject: [PATCH] Add SSL linking support (#80)

TODO: implement fingerprint checking (optional) and a genssl script to ease SSL certificate generation.
---
 config.yml.example | 6 ++++++
 main.py | 19 ++++++++++++++++---
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/config.yml.example b/config.yml.example
index fc4453d..1f6be96 100644
--- a/config.yml.example
+++ b/config.yml.example
@@ -53,6 +53,12 @@ servers:
 # PyLink might introduce a nick that is too long and cause netsplits!
 maxnicklen: 30

+ # Toggles SSL for this network. Defaults to false if not specified, and requires the
+ # ssl_certfile and ssl_keyfile options to work.
+ # ssl: true
+ # ssl_certfile: pylink-cert.pem
+ # ssl_keyfile: pylink-key.pem
+
 ts6net:
 ip: 127.0.0.1
 port: 7000
diff --git a/main.py b/main.py
index 3bb3b3e..7d1af4b 100755
--- a/main.py
+++ b/main.py
@@ -7,6 +7,7 @@ import time
 import sys
 from collections import defaultdict
 import threading
+import ssl

 from log import log
 import conf
@@ -73,13 +74,25 @@ class Irc():
 ip = self.serverdata["ip"]
 port = self.serverdata["port"]
 while True:
- log.info("Connecting to network %r on %s:%s", self.name, ip, port)
 self.initVars()
 try:
+ self.socket = socket.socket()
+ self.socket.setblocking(0)
 # Initial connection timeout is a lot smaller than the timeout after
 # we've connected; this is intentional.
- self.socket = socket.create_connection((ip, port), timeout=self.pingfreq)
- self.socket.setblocking(0)
+ self.socket.settimeout(self.pingfreq)
+
+ if self.serverdata.get('ssl'):
+ log.info('(%s) Attempting SSL for this connection...', self.name)
+ certfile = self.serverdata.get('ssl_certfile')
+ keyfile = self.serverdata.get('ssl_keyfile')
+ if certfile and keyfile:
+ self.socket = ssl.wrap_socket(self.socket, certfile=certfile, keyfile=keyfile)
+ else:
+ log.warning('(%s) SSL certfile/keyfile was not set correctly. '
+ 'SSL will be disabled for this connection.', self.name)
+ log.info("Connecting to network %r on %s:%s", self.name, ip, port)
+ self.socket.connect((ip, port))
 self.socket.settimeout(self.pingtimeout)
 self.proto.connect(self)
 self.spawnMain()
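Review bot: The `else:` branch under `if certfile and keyfile:` fails open: with `ssl: true` configured but `ssl_certfile` or `ssl_keyfile` missing, the code only logs a warning and then runs `self.socket.connect((ip, port))` on the plain socket, so whatever `self.proto.connect(self)` sends goes out unencrypted although the operator asked for SSL. I would treat this as a configuration error and abort the attempt instead, e.g. `log.error('(%s) SSL certfile/keyfile was not set correctly; refusing to connect without SSL.', self.name)` followed by a `raise`, provided the `except` clause of this `try:` (outside the hunk) handles that as a failed connection. Separately, `ssl.wrap_socket()` is called without `cert_reqs`/`ca_certs`, so it defaults to `ssl.CERT_NONE` and the uplink's certificate is not verified until the fingerprint TODO from the commit message is done; a comment at the call saying `# NOTE: peer certificate is not verified yet (see #80)` would keep that visible. The added `self.socket.setblocking(0)` is overridden by the `settimeout(self.pingfreq)` that follows it and can be dropped. The enclosing method starts before and continues after this hunk.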