From: Jack Allnutt <m2ys4u@Gmail.com>
Date: Wed, 31 Oct 2012 12:08:50 +0000 (+0000)
Subject: Configure IRC Server SSL handling
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=831b41b0e07a2d34ff63ab506531f19917e1b462;p=KiwiIRC.git

Configure IRC Server SSL handling

Can now configure whether or not to accept an IRC server's SSL certificate if it's not got a cert chain to a well-known CA
---

diff --git a/config.js b/config.js
index 57aaf6c..946bd26 100644
--- a/config.js
+++ b/config.js
@@ -62,7 +62,8 @@ conf.ip_as_username = [
 	"127.0.0.1"
 ];
 
-
+// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities
+conf.reject_unauthorised_certificates = false;
 
 
 // Whitelisted HTTP proxies
diff --git a/server/irc/connection.js b/server/irc/connection.js
index cb4b4f2..3d7c7ca 100644
--- a/server/irc/connection.js
+++ b/server/irc/connection.js
@@ -10,7 +10,7 @@ var IrcConnection = function (hostname, port, ssl, nick, user, pass) {
     events.EventEmitter.call(this);
     
     if (ssl) {
-        this.socket = tls.connect(port, hostname, {}, connect_handler);
+        this.socket = tls.connect({host: hostname, port: port, rejectUnauthorized: global.config.reject_unauthorised_certificates}, connect_handler);
     } else {
         this.socket = net.createConnection(port, hostname);
         this.socket.on('connect', function () {