From e65a722b2f6d09dc082dd7646327b487ac4244b5 Mon Sep 17 00:00:00 2001
From: Valentin Lorentz <progval@gmail.com>
Date: Sun, 10 Nov 2013 11:45:01 +0100
Subject: [PATCH] Add certfp support. Closes GH-468.

---
 src/conf.py           | 3 +++
 src/drivers/Socket.py | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/conf.py b/src/conf.py
index 80665199a..9b3b0441f 100644
--- a/src/conf.py
+++ b/src/conf.py
@@ -306,6 +306,9 @@ def registerNetwork(name, password='', ssl=False, sasl_username='',
     registerGlobalValue(network, 'ssl', registry.Boolean(ssl,
         _("""Determines whether the bot will attempt to connect with SSL
         sockets to %s.""") % name))
+    registerGlobalValue(network, 'certfile', registry.String('',
+        _("""Determines what certificate file (if any) the bot will use to
+        connect with SSL sockets to %s.""") % name))
     registerChannelValue(network.channels, 'key', registry.String('',
         _("""Determines what key (if any) will be used to join the
         channel."""), private=True))
diff --git a/src/drivers/Socket.py b/src/drivers/Socket.py
index 08b799cc4..c4b12bba1 100644
--- a/src/drivers/Socket.py
+++ b/src/drivers/Socket.py
@@ -304,7 +304,10 @@ class SocketDriver(drivers.IrcDriver, drivers.ServersMixin):
         try:
             if getattr(conf.supybot.networks, self.irc.network).ssl():
                 assert globals().has_key('ssl')
-                self.conn = ssl.wrap_socket(self.conn)
+                certfile = getattr(conf.supybot.networks, self.irc.network) \
+                        .certfile()
+                self.conn = ssl.wrap_socket(self.conn,
+                        certfile=certfile or None)
             self.conn.connect((address, server[1]))
             def setTimeout():
                 self.conn.settimeout(conf.supybot.drivers.poll())