From 831b41b0e07a2d34ff63ab506531f19917e1b462 Mon Sep 17 00:00:00 2001
From: Jack Allnutt <m2ys4u@Gmail.com>
Date: Wed, 31 Oct 2012 12:08:50 +0000
Subject: [PATCH] Configure IRC Server SSL handling

Can now configure whether or not to accept an IRC server's SSL certificate if it's not got a cert chain to a well-known CA
---
 config.js                | 3 ++-
 server/irc/connection.js | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/config.js b/config.js
index 57aaf6c..946bd26 100644
--- a/config.js
+++ b/config.js
@@ -62,7 +62,8 @@ conf.ip_as_username = [
 	"127.0.0.1"
 ];
 
-
+// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities
+conf.reject_unauthorised_certificates = false;
 
 
 // Whitelisted HTTP proxies
diff --git a/server/irc/connection.js b/server/irc/connection.js
index cb4b4f2..3d7c7ca 100644
--- a/server/irc/connection.js
+++ b/server/irc/connection.js
@@ -10,7 +10,7 @@ var IrcConnection = function (hostname, port, ssl, nick, user, pass) {
     events.EventEmitter.call(this);
     
     if (ssl) {
-        this.socket = tls.connect(port, hostname, {}, connect_handler);
+        this.socket = tls.connect({host: hostname, port: port, rejectUnauthorized: global.config.reject_unauthorised_certificates}, connect_handler);
     } else {
         this.socket = net.createConnection(port, hostname);
         this.socket.on('connect', function () {
-- 
2.25.1