upd: (bands/) irc/socket.py:

> PROTOCOL_TLS_CLIENT automatically enables check_hostname and CERT_REQUIRED, just add the missing load_default_certs() when verify_tls to fix verified connections. > it's okay to specify server_hostname regardless of verification.
gottaeat · Aug 4, 2024 · b56c280 · b56c280
1 parent ce92308
commit b56c280
Showing 1 changed file with 4 additions and 13 deletions.
diff --git a/bands/irc/socket.py b/bands/irc/socket.py
@@ -37,31 +37,22 @@ def connect(self):
                 ssl_context.check_hostname = False
                 ssl_context.verify_mode = ssl.CERT_NONE
             else:
-                ssl_context.check_hostname = True
+                ssl_context.load_default_certs()
 
         self.conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
 
         # libera ircd takes its time, 10 seems to work however
         self.conn.settimeout(10)
 
         if self.tls:
-            if not self.verify_tls:
-                self.conn = ssl_context.wrap_socket(self.conn)
-            else:
-                self.conn = ssl_context.wrap_socket(
-                    self.conn, server_hostname=self.address
-                )
+            self.conn = ssl_context.wrap_socket(self.conn, server_hostname=self.address)
 
         try:
             self.conn.connect(addr)
         except ssl.SSLCertVerificationError:
-            self.logger.exception(
-                "attempting to connect with TLS failed",
-            )
+            self.logger.exception("attempting to connect with TLS failed")
         except TimeoutError:
-            self.logger.exception(
-                "connection timed out",
-            )
+            self.logger.exception("connection timed out")
 
         self.conn.settimeout(None)