plugin(script): remove deprecated $SAFE
[user/henk/code/ruby/rbot.git] / lib / rbot / ircsocket.rb
index 4c11094b53f2151c9dd0118aa431a63e47da3112..e5131c2b6b3edbeb3f542f358a698e90bbd027bd 100644 (file)
@@ -285,6 +285,9 @@ module Irc
       @lines_sent = 0
       @lines_received = 0
       @ssl = opts[:ssl]
+      @ssl_verify = opts[:ssl_verify]
+      @ssl_ca_file = opts[:ssl_ca_file]
+      @ssl_ca_path = opts[:ssl_ca_path]
       @penalty_pct = opts[:penalty_pct] || 100
     end
 
@@ -303,25 +306,41 @@ module Irc
       @conn_count += 1
       @server_uri = URI.parse(srv_uri)
       @server_uri.port = 6667 if !@server_uri.port
+
       debug "connection attempt \##{@conn_count} (#{@server_uri.host}:#{@server_uri.port})"
 
+      # if the host is a bracketed (IPv6) address, strip the brackets
+      # since Ruby doesn't like them in the Socket host parameter
+      # FIXME it would be safer to have it check for a valid
+      # IPv6 bracketed address rather than just stripping the brackets
+      srv_host = @server_uri.host
+      if srv_host.match(/\A\[(.*)\]\z/)
+        srv_host = $1
+      end
+
       if(@host)
         begin
-          sock=TCPSocket.new(@server_uri.host, @server_uri.port, @host)
+          sock=TCPSocket.new(srv_host, @server_uri.port, @host)
         rescue ArgumentError => e
           error "Your version of ruby does not support binding to a "
           error "specific local address, please upgrade if you wish "
           error "to use HOST = foo"
           error "(this option has been disabled in order to continue)"
-          sock=TCPSocket.new(@server_uri.host, @server_uri.port)
+          sock=TCPSocket.new(srv_host, @server_uri.port)
         end
       else
-        sock=TCPSocket.new(@server_uri.host, @server_uri.port)
+        sock=TCPSocket.new(srv_host, @server_uri.port)
       end
       if(@ssl)
         require 'openssl'
         ssl_context = OpenSSL::SSL::SSLContext.new()
-        ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        if @ssl_verify
+          ssl_context.ca_file = @ssl_ca_file if @ssl_ca_file and not @ssl_ca_file.empty?
+          ssl_context.ca_path = @ssl_ca_path if @ssl_ca_path and not @ssl_ca_path.empty?
+          ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER 
+        else
+          ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
         sock = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
         sock.sync_close = true
         sock.connect
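Review bot: With `@ssl_verify` set, the context only gets `VERIFY_PEER`, which validates the certificate chain but never checks that the certificate was issued for the host being contacted; nothing in this hunk sets the peer name or checks it around `sock.connect`. The method continues past the end of the hunk, so unless the following code already does this, add `sock.hostname = srv_host` before `sock.connect` and `sock.post_connection_check(srv_host) if @ssl_verify` after it. When neither `ssl_ca_file` nor `ssl_ca_path` is configured the context appears to carry no trust anchors, so a fallback to the system store (a `cert_store` built with `OpenSSL::X509::Store#set_default_paths`) may be wanted. The `else` branch still selects `VERIFY_NONE` silently; a log line there would make an unauthenticated TLS session visible to the operator.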