diff --git a/__init__.py b/__init__.py index 5376c16..d6a2865 100755 --- a/__init__.py +++ b/__init__.py @@ -39,7 +39,8 @@ def run_phenny(config): def connect(config): import bot p = bot.Phenny(config) - p.run(config.host, config.port, config.ssl, config.ipv6) + p.run(config.host, config.port, config.ssl, config.ipv6, + config.ca_certs) try: Watcher() except Exception as e: diff --git a/irc.py b/irc.py index 2a31ec4..854e884 100755 --- a/irc.py +++ b/irc.py @@ -114,8 +114,13 @@ class Bot(asynchat.async_chat): cafile=self.ca_certs) sock = context.wrap_socket(sock, server_hostname=hostname) except: + if self.ca_certs is None: + # default to standard path on most non-EL distros + ca_certs = "/etc/ssl/certs/ca-certificates.crt" + else: + ca_certs = self.ca_certs sock = ssl.wrap_socket(sock, ssl_version=ssl.PROTOCOL_TLSv1, - cert_reqs=ssl.CERT_OPTIONAL, ca_certs=self.ca_certs) + cert_reqs=ssl.CERT_OPTIONAL, ca_certs=ca_certs) # FIXME: this doesn't work with SSL enabled #sock.setblocking(False) self.set_socket(sock) diff --git a/phenny b/phenny index 1d5ce00..802cd68 100755 --- a/phenny +++ b/phenny @@ -156,6 +156,9 @@ def main(argv=None): if not hasattr(module, 'ssl'): module.ssl = False + + if not hasattr(module, 'ca_certs'): + module.ca_certs = None if not hasattr(module, 'ipv6'): module.ipv6 = False