patch b720e14a8bf28c93658226f9f94140364906bf23
Author: E. Bosch <presidev@AT@gmail.com>
Date: Wed Dec 8 01:39:32 CET 2021
* irc: Add TLS/SSL support
hunk ./irgramd 9
+import ssl
hunk ./irgramd 19
- def __init__(self, address=None, port=6667, config_dir=None, **settings):
- tornado.tcpserver.TCPServer.__init__(self)
-
+ def __init__(self, address=None, port=None, config_dir=None, **settings):
hunk ./irgramd 21
+ effective_port = port
+
+ if settings['tls']:
+ if not settings['tls_cert']: # error
+ self.logger.error('TLS configured but certificate not present')
+ exit(1)
+ tls_context = ssl.create_default_context(purpose=ssl.Purpose.CLIENT_AUTH)
+ tls_context.load_cert_chain(settings['tls_cert'], settings['tls_key'])
+ if not effective_port:
+ effective_port = 6697
+ self.logger.info('TLS configured')
+ else:
+ tls_context = None
+ if not effective_port:
+ effective_port = 6667
+
+ tornado.tcpserver.TCPServer.__init__(self, ssl_options=tls_context)
+
hunk ./irgramd 40
- self.port = port
+ self.port = effective_port
hunk ./irgramd 66
- tornado.options.define('port', default=6667, help='Port to listen on.')
+ tornado.options.define('port', default=None, help='Port to listen on. (default 6667, default with TLS 6697)')
hunk ./irgramd 68
+ tornado.options.define('tls', default=False, help='Use TLS/SSL encrypted connection for IRC server')
+ tornado.options.define('tls_cert', default=None, help='IRC server certificate chain for TLS/SSL, also can contain private key if not defined with `tls_key`')
+ tornado.options.define('tls_key', default=None, help='IRC server private key for TLS/SSL')