From 8fbc3f6fccedcb52fcb96860c8409f6602f1a162 Mon Sep 17 00:00:00 2001 From: mutantmonkey Date: Wed, 21 Mar 2012 23:10:15 -0400 Subject: [PATCH] verify ssl certificates --- irc.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/irc.py b/irc.py index b9d098a..9df29cb 100755 --- a/irc.py +++ b/irc.py @@ -79,7 +79,9 @@ class Bot(asynchat.async_chat): raise #pass - def run(self, host, port=6667, ssl=False, ipv6=False): + def run(self, host, port=6667, ssl=False, + ipv6=False, ca_certs='/etc/ssl/certs/ca-certificates.crt'): + self.ca_certs = ca_certs self.initiate_connect(host, port, ssl, ipv6) def initiate_connect(self, host, port, use_ssl, ipv6): @@ -100,7 +102,8 @@ class Bot(asynchat.async_chat): self.family_and_type = family, type sock = socket.socket(family, type) if use_ssl: - sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1) + sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, + cert_reqs=ssl.CERT_OPTIONAL, ca_certs=self.ca_certs) # FIXME: ssl module does not appear to work properly with nonblocking sockets #sock.setblocking(0) self.set_socket(sock)