X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=lib%2Frbot%2Fircsocket.rb;h=e5131c2b6b3edbeb3f542f358a698e90bbd027bd;hb=a19f7bfb97e5f36e6b282fcc0982584838e86a0a;hp=4c11094b53f2151c9dd0118aa431a63e47da3112;hpb=2a3bc07d139593f1f57e23cfbd08602d29a8b26c;p=user%2Fhenk%2Fcode%2Fruby%2Frbot.git

diff --git a/lib/rbot/ircsocket.rb b/lib/rbot/ircsocket.rb
index 4c11094b..e5131c2b 100644
--- a/lib/rbot/ircsocket.rb
+++ b/lib/rbot/ircsocket.rb
@@ -285,6 +285,9 @@ module Irc
       @lines_sent = 0
       @lines_received = 0
       @ssl = opts[:ssl]
+      @ssl_verify = opts[:ssl_verify]
+      @ssl_ca_file = opts[:ssl_ca_file]
+      @ssl_ca_path = opts[:ssl_ca_path]
       @penalty_pct = opts[:penalty_pct] || 100
     end
 
@@ -303,25 +306,41 @@ module Irc
       @conn_count += 1
       @server_uri = URI.parse(srv_uri)
       @server_uri.port = 6667 if !@server_uri.port
+
       debug "connection attempt \##{@conn_count} (#{@server_uri.host}:#{@server_uri.port})"
 
+      # if the host is a bracketed (IPv6) address, strip the brackets
+      # since Ruby doesn't like them in the Socket host parameter
+      # FIXME it would be safer to have it check for a valid
+      # IPv6 bracketed address rather than just stripping the brackets
+      srv_host = @server_uri.host
+      if srv_host.match(/\A\[(.*)\]\z/)
+        srv_host = $1
+      end
+
       if(@host)
         begin
-          sock=TCPSocket.new(@server_uri.host, @server_uri.port, @host)
+          sock=TCPSocket.new(srv_host, @server_uri.port, @host)
         rescue ArgumentError => e
           error "Your version of ruby does not support binding to a "
           error "specific local address, please upgrade if you wish "
           error "to use HOST = foo"
           error "(this option has been disabled in order to continue)"
-          sock=TCPSocket.new(@server_uri.host, @server_uri.port)
+          sock=TCPSocket.new(srv_host, @server_uri.port)
         end
       else
-        sock=TCPSocket.new(@server_uri.host, @server_uri.port)
+        sock=TCPSocket.new(srv_host, @server_uri.port)
       end
       if(@ssl)
         require 'openssl'
         ssl_context = OpenSSL::SSL::SSLContext.new()
-        ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        if @ssl_verify
+          ssl_context.ca_file = @ssl_ca_file if @ssl_ca_file and not @ssl_ca_file.empty?
+          ssl_context.ca_path = @ssl_ca_path if @ssl_ca_path and not @ssl_ca_path.empty?
+          ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER 
+        else
+          ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
+        end
         sock = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
         sock.sync_close = true
         sock.connect