Description: Add CertFP support
Author: Unit 193 <unit193@unit193.net>
Forwarded: no

---
 lib/rbot/ircbot.rb    |    5 +++++
 lib/rbot/ircsocket.rb |    6 ++++++
 2 files changed, 11 insertions(+)

--- a/lib/rbot/ircbot.rb
+++ b/lib/rbot/ircbot.rb
@@ -177,6 +177,10 @@ class Bot
       :default => false, :requires_restart => true,
       :desc => "Verify the SSL connection?",
       :wizard => true)
+    Config.register Config::StringValue.new('server.ssl_cert',
+      :requires_restart => true,
+      :desc => "The cert file used to authenticate to the server.",
+      :wizard => true)
     Config.register Config::StringValue.new('server.ssl_ca_file',
       :default => default_ssl_ca_file, :requires_restart => true,
       :desc => "The CA file used to verify the SSL connection.",
@@ -496,6 +500,7 @@ class Bot
     @socket = Irc::Socket.new(@config['server.list'], @config['server.bindhost'], 
                               :ssl => @config['server.ssl'],
                               :ssl_verify => @config['server.ssl_verify'],
+                              :ssl_cert => @config['server.ssl_cert'],
                               :ssl_ca_file => @config['server.ssl_ca_file'],
                               :ssl_ca_path => @config['server.ssl_ca_path'],
                               :penalty_pct => @config['send.penalty_pct'])
--- a/lib/rbot/ircsocket.rb
+++ b/lib/rbot/ircsocket.rb
@@ -286,6 +286,7 @@ module Irc
       @lines_received = 0
       @ssl = opts[:ssl]
       @ssl_verify = opts[:ssl_verify]
+      @ssl_cert = opts[:ssl_cert]
       @ssl_ca_file = opts[:ssl_ca_file]
       @ssl_ca_path = opts[:ssl_ca_path]
       @penalty_pct = opts[:penalty_pct] || 100
@@ -341,6 +342,11 @@ module Irc
         else
           ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
         end
+        if @ssl_cert and not @ssl_cert.empty?
+          client_cert = OpenSSL::X509::Certificate.new(open(File.expand_path(@ssl_cert)))
+          client_key = OpenSSL::PKey.read(open(File.expand_path(@ssl_cert)))
+          ssl_context.add_certificate(client_cert, client_key)
+        end
         sock = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
         sock.sync_close = true
         sock.connect
