From 340ed8ed51bb5c71baa4a997141d5a89cefd6b10 Mon Sep 17 00:00:00 2001 From: Unit 193 Date: Sat, 31 May 2014 17:01:00 -0400 Subject: [PATCH] Add support for using CertFP to auth to the IRC server, and document it. Signed-off-by: Eric S. Raymond --- irkerd | 8 ++++++-- irkerd.xml | 18 +++++++++++++++++- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/irkerd b/irkerd index dd567e5..b47ff01 100755 --- a/irkerd +++ b/irkerd @@ -233,13 +233,13 @@ class IRCServerConnection(): self.master = master self.socket = None - def _wrap_socket(self, socket, target, cafile=None, + def _wrap_socket(self, socket, target, certfile=None, cafile=None, protocol=ssl.PROTOCOL_TLSv1): try: # Python 3.2 and greater ssl_context = ssl.SSLContext(protocol) except AttributeError: # Python < 3.2 self.socket = ssl.wrap_socket( - socket, cert_reqs=ssl.CERT_REQUIRED, + socket, certfile=certfile, cert_reqs=ssl.CERT_REQUIRED, ssl_version=protocol, ca_certs=cafile) else: ssl_context.verify_mode = ssl.CERT_REQUIRED @@ -948,6 +948,9 @@ if __name__ == '__main__': parser.add_argument( '-c', '--ca-file', metavar='PATH', help='file of trusted certificates for SSL/TLS') + parser.add_argument( + '-e', '--cert-file', metavar='PATH', + help='pem file used to authenticate to the server') parser.add_argument( '-d', '--log-level', metavar='LEVEL', choices=LOG_LEVELS, help='how much to log to the log file (one of %(choices)s)') @@ -990,6 +993,7 @@ if __name__ == '__main__': nick_needs_number=re.search('%.*d', args.nick), password=args.password, cafile=args.ca_file, + certfile=args.cert_file, ) LOG.info("irkerd version %s" % version) if args.immediate: diff --git a/irkerd.xml b/irkerd.xml index c3c68a2..f0676c5 100644 --- a/irkerd.xml +++ b/irkerd.xml @@ -20,6 +20,7 @@ irkerd -c ca-file -d debuglevel + -e cert-file -l logfile -n nick -p password 
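Review bot: On the `ssl.SSLContext` branch of `_wrap_socket` (the `else:` after the `AttributeError` fallback) the new `certfile` argument appears never to be used. The hunk passes it only to the legacy `ssl.wrap_socket(...)` call, and the diffstat leaves no room for further additions in irkerd. If that is right, on Python 3.2 and later the daemon connects without presenting a client certificate, so CertFP silently does not happen and the server treats the session as unauthenticated. I would add `if certfile:` followed by `ssl_context.load_cert_chain(certfile)` next to the `ssl_context.verify_mode = ssl.CERT_REQUIRED` line. The `else:` branch continues outside this hunk, so confirm against the full function.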
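Review bot: The `--cert-file` help text does not say that the PEM file must contain the private key as well as the certificate. Only `certfile` is passed on (there is no `keyfile` argument), so the ssl module will look for the key in that same file. I would word it as `help='PEM file holding the client certificate and its private key, used to authenticate to the server (CertFP)'`. Because the file holds a private key, it is also worth stating in the documentation that it should be readable only by the account irkerd runs as. The `if __name__ == '__main__':` block starts and ends outside this hunk.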
@@ -60,7 +61,7 @@ Examples: If the channel part of the URL does not have one of the prefix characters #, &, or +, a # will be prepended to it before -shipping - unlessthe channel part has the suffix +shipping - unless the channel part has the suffix ",isnick" (which is unconditionally removed). The host part of the URL may have a port-number suffix separated by a @@ -137,6 +138,21 @@ joining a channel to log its traffic. +-e +Takes a following filename in pem format and uses it +to authenticate to the IRC server. You must be connecting to the IRC server +over SSL for this to function properly. This is commonly known as +CertFP. + + + +-e +Takes a following filename in pem format and uses it +to authenticate to the IRC server. You must be connecting to the IRC server +over SSL for this to function properly. This is commonly known as CertFP. + + + -l Takes a following filename, logs traffic to that file. Each log line consists of three |-separated fields; a numeric -- 2.26.2