`irc.connection.Factory.connect` should support `ssl.SSLContext.wrap_socket` with the `server_hostname` parameter #216

`ssl.wrap_socket` is the currently recommended helper for adding SSL/TLS support when using the library. `ssl.wrap_socket` usage however has been deprecated since Python 3.2. Instead clients are encouraged to use an instance of `ssl.SSLContext` and its `wrap_socket` method.

Per https://ircv3.net/docs/sni.html, IRCv3 capable clients must use SNI when connecting via TLS. `ssl.SSLContext.wrap_socket` is able to perform SNI negotiation and server certificate validation when it is called with a `server_hostname` parameter, but will error out with "ValueError: check_hostname requires server_hostname" or similar when `server_hostname` is omitted. The workaround for this is to set `check_hostname = False` and `verify_mode = ssl.CERT_NONE` on the `ssl.SSLContext` instance, but this also violates the IRCv3 spec and introduces man-in-the-middle potential for the TLS secured connection.
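
One way to get SNI and certificate validation through a one-argument socket wrapper, as an added example that is not code from the issue or from the irc library: `tls_wrapper` and `wrap_unconnected` are hypothetical helper names, `irc.example.net` is a constructed host name, and the sketch assumes the factory calls its wrapper with the socket as the only argument, as it does with `ssl.wrap_socket`.

```python
import functools
import socket
import ssl


def tls_wrapper(server_hostname, context=None):
    """Return a one-argument socket wrapper that sends SNI and verifies the cert.

    The returned callable has the same shape as ssl.wrap_socket(sock), so it
    can be handed to code that expects a plain socket-wrapping function.
    """
    if context is None:
        # create_default_context() enables CERT_REQUIRED and check_hostname.
        context = ssl.create_default_context()
    # Refuse a context that carries the workaround described in the issue.
    if not context.check_hostname or context.verify_mode != ssl.CERT_REQUIRED:
        raise ValueError("context does not verify the server certificate")
    return functools.partial(context.wrap_socket, server_hostname=server_hostname)


def wrap_unconnected(wrapper):
    """Wrap a fresh, unconnected TCP socket; the handshake waits for connect()."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        return wrapper(sock)
    except Exception:
        sock.close()
        raise


if __name__ == "__main__":
    # Constructed host name; no network connection is made here.
    wrapped = wrap_unconnected(tls_wrapper("irc.example.net"))
    print(wrapped.server_hostname, wrapped.context.check_hostname)
    wrapped.close()
    # Assumed usage with the irc library (not run here):
    #   factory = irc.connection.Factory(wrapper=tls_wrapper("irc.example.net"))
```

Passing the bare `context.wrap_socket` bound method instead reproduces the `ValueError` quoted in the issue, because nothing supplies `server_hostname`.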