From 8fbc3f6fccedcb52fcb96860c8409f6602f1a162 Mon Sep 17 00:00:00 2001
From: mutantmonkey <mutantmonkey@mutantmonkey.in>
Date: Wed, 21 Mar 2012 23:10:15 -0400
Subject: [PATCH] verify ssl certificates

---
 irc.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/irc.py b/irc.py
index b9d098a..9df29cb 100755
--- a/irc.py
+++ b/irc.py
@@ -79,7 +79,9 @@ class Bot(asynchat.async_chat):
             raise
             #pass
 
-    def run(self, host, port=6667, ssl=False, ipv6=False): 
+    def run(self, host, port=6667, ssl=False,
+            ipv6=False, ca_certs='/etc/ssl/certs/ca-certificates.crt'): 
+        self.ca_certs = ca_certs
         self.initiate_connect(host, port, ssl, ipv6)
 
     def initiate_connect(self, host, port, use_ssl, ipv6): 
@@ -100,7 +102,8 @@ class Bot(asynchat.async_chat):
         self.family_and_type = family, type
         sock = socket.socket(family, type)
         if use_ssl:
-            sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1)
+            sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1,
+                    cert_reqs=ssl.CERT_OPTIONAL, ca_certs=self.ca_certs)
         # FIXME: ssl module does not appear to work properly with nonblocking sockets
         #sock.setblocking(0)
         self.set_socket(sock)