irc: allow specifying SSL CA per server #1262
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #438.
This PR is an improvement of PR #613 (credit to @ManiacTwister), which started in the right direction but has some still unresolved issues:
hook_connect
still have no way to manipulate the trust list for their connection only.This PR tries to solve these problems and hopefully finally bring per server SSL CAs to weechat. Every
hook_connect
user can choose to manipulate the trust list however they see fit: clear it (or not), add CAs from file (or elsewhere).Turns out GnuTLS >=3.3.0 is required to manipulate the trust list like this. This is a significantly higher requirement than otherwise is needed but it only affects the added
ssl_ca_file
option use and should be fine on most cases (even the old Ubuntu 16.04 has GnuTLS 3.4).Happy Hacktoberfest!