`irc.connection.Factory.connect` should support `ssl.SSLContext.wrap_socket` with the `server_hostname` parameter
bd808 opened this issue · 1 comments
`ssl.wrap_socket` is the currently recommended helper for adding SSL/TLS support when using the library. `ssl.wrap_socket` usage however has been deprecated since Python 3.2. Instead clients are encouraged to use an instance of `ssl.SSLContext` and its `wrap_socket` method.
Per https://ircv3.net/docs/sni.html, IRCv3 capable clients must use SNI when connecting via TLS. `ssl.SSLContext.wrap_socket` is able to perform SNI negotiation and server certificate validation when it is called with a `server_hostname` parameter, but will error out with "ValueError: check_hostname requires server_hostname" or similar when `server_hostname` is omitted. The workaround for this is to set `check_hostname = False` and `verify_mode = ssl.CERT_NONE` on the `ssl.SSLContext` instance, but this also violates the IRCv3 spec and introduces man-in-the-middle potential for the TLS secured connection.
Sounds good. Would you be willing to implement a patch?
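
The verified alternative to the workaround described in the issue, as an added example that is not code from the issue or from the irc project: `functools.partial` binds `server_hostname` so the context's `wrap_socket` keeps the single-argument shape a `wrapper` callable needs. The helper names and the hostname `irc.example.org` are assumptions made for illustration; only the standard library is used and no connection is made.

```python
import functools
import socket
import ssl


def make_tls_wrapper(hostname, context=None):
    """Return a one-argument callable that wraps a socket in verified TLS.

    Binding server_hostname up front gives the callable the (sock) -> sock
    shape of the old ssl.wrap_socket helper, so it can be handed to
    irc.connection.Factory(wrapper=...), while still sending SNI and
    checking the server certificate against `hostname`.
    """
    if context is None:
        # Defaults: verify_mode=CERT_REQUIRED, check_hostname=True.
        context = ssl.create_default_context()
    return functools.partial(context.wrap_socket, server_hostname=hostname)


def wrap_without_hostname(context):
    """Reproduce the failure from the issue; return the error text."""
    sock = socket.socket()
    try:
        context.wrap_socket(sock)  # no server_hostname supplied
    except ValueError as exc:
        return str(exc)
    finally:
        sock.close()
    return None


def demo(hostname="irc.example.org"):  # constructed hostname, never contacted
    context = ssl.create_default_context()
    error = wrap_without_hostname(context)
    # Wrapping an unconnected socket does no network I/O; the handshake
    # (SNI plus certificate check) runs later, when connect() is called.
    tls_sock = make_tls_wrapper(hostname, context)(socket.socket())
    try:
        return {
            "error_without_hostname": error,
            "sni_name": tls_sock.server_hostname,
            "check_hostname": context.check_hostname,
            "cert_required": context.verify_mode == ssl.CERT_REQUIRED,
        }
    finally:
        tls_sock.close()


if __name__ == "__main__":
    print(demo())
```

The wrapper must be built per server, since the hostname is fixed when the partial is created.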