Add basic SSL support via --ssl-pem-file

3 files changed, 28 insertions, 3 deletions

diff --git a/CHANGES b/CHANGES
index 1aae73b..a98d127 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,7 @@
 Unreleased
 
   * Added support for the LUSERS command (from Alex Wright).
+  * Added basic SSL support (from Leandro Lucarella).
 
 0.4 2012-07-01
 
diff --git a/README.md b/README.md
index 72cb35a..d04ace5 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,7 @@ Features
 
 * Knows about the basic IRC protocol and commands.
 * Easy installation.
+* Basic SSL support.
 * No configuration.
 * No ident lookup (so that people behind firewalls that filter the ident port
   without sending NACK can connect without long timeouts).
@@ -31,7 +32,8 @@ Limitations
 Requirements
 ------------
 
-Python 2.5 or newer. Get it at http://www.python.org.
+Python 2.5 or newer, Python 2.6 or newer when SSL is used.
+Get it at http://www.python.org.
 
 Installation
 ------------
diff --git a/miniircd b/miniircd
index 561e1a2..1e48a2b 100755
--- a/miniircd
+++ b/miniircd
@@ -634,6 +634,7 @@ class Server(object):
     def __init__(self, options):
         self.ports = options.ports
         self.password = options.password
+        self.ssl_pem_file = options.ssl_pem_file
         self.motdfile = options.motd
         self.verbose = options.verbose
         self.debug = options.debug
@@ -756,6 +757,15 @@ class Server(object):
                     self.clients[x].socket_readable_notification()
                 else:
                     (conn, addr) = x.accept()
+                    if self.ssl_pem_file:
+                        try:
+                            conn = ssl.wrap_socket(conn,
+                                 server_side=True,
+                                 certfile=self.ssl_pem_file,
+                                 keyfile=self.ssl_pem_file)
+                        except ssl.SSLError as e:
+                            self.print_error('SSL error: %s\n' % (addr, e))
+                            continue
                     self.clients[conn] = Client(self, conn)
                     self.print_info("Accepted connection from %s:%s." % (
                         addr[0], addr[1]))
@@ -800,6 +810,10 @@ def main(argv):
         metavar="X",
         help="display file X as message of the day")
     op.add_option(
+        "-s", "--ssl-pem-file",
+        metavar="FILE",
+        help="enable SSL and use FILE as the .pem certificate+key")
+    op.add_option(
         "-p", "--password",
         metavar="X",
         help="require connection password X; default: no password")
@@ -807,7 +821,7 @@ def main(argv):
         "--ports",
         metavar="X",
         help="listen to ports X (a list separated by comma or whitespace);"
-             " default: 6667")
+             " default: 6667 or 6697 if SSL is enabled")
     op.add_option(
         "--statedir",
         metavar="X",
@@ -816,10 +830,18 @@ def main(argv):
         "--verbose",
         action="store_true",
         help="be verbose (print some progress messages to stdout)")
-    op.set_defaults(ports="6667")
     (options, args) = op.parse_args(argv[1:])
     if options.debug:
         options.verbose = True
+    if options.ssl_pem_file is not None:
+        # Only import ssl when needed
+        global ssl
+        import ssl
+    if options.ports is None:
+        if options.ssl_pem_file is None:
+            options.ports = "6667"
+        else:
+            options.ports = "6697"
     ports = []
     for port in re.split(r"[,\s]+", options.ports):
         try: