From 595a2dfe9f087f368991875e2cbdc2dc3012a7c8 Mon Sep 17 00:00:00 2001 From: Unit 193 Date: Fri, 17 May 2024 18:44:48 -0400 Subject: [PATCH] Add CertFP support. --- lib/rbot/ircbot.rb | 5 +++++ lib/rbot/ircsocket.rb | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/lib/rbot/ircbot.rb b/lib/rbot/ircbot.rb index 058e7bbe..b018e11a 100644 --- a/lib/rbot/ircbot.rb +++ b/lib/rbot/ircbot.rb @@ -184,6 +184,10 @@ def initialize(botclass, params = {}) :default => false, :requires_restart => true, :desc => "Verify the SSL connection?", :wizard => true) + Config.register Config::StringValue.new('server.ssl_cert', + :requires_restart => true, + :desc => "The cert file used to authenticate to the server.", + :wizard => true) Config.register Config::StringValue.new('server.ssl_ca_file', :default => default_ssl_ca_file, :requires_restart => true, :desc => "The CA file used to verify the SSL connection.", @@ -503,6 +507,7 @@ def $stderr.write(*args) @socket = Irc::Socket.new(@config['server.list'], @config['server.bindhost'], :ssl => @config['server.ssl'], :ssl_verify => @config['server.ssl_verify'], + :ssl_cert => @config['server.ssl_cert'], :ssl_ca_file => @config['server.ssl_ca_file'], :ssl_ca_path => @config['server.ssl_ca_path'], :penalty_pct => @config['send.penalty_pct']) diff --git a/lib/rbot/ircsocket.rb b/lib/rbot/ircsocket.rb index e5131c2b..954becb8 100644 --- a/lib/rbot/ircsocket.rb +++ b/lib/rbot/ircsocket.rb @@ -286,6 +286,7 @@ def initialize(server_list, host, opts={}) @lines_received = 0 @ssl = opts[:ssl] @ssl_verify = opts[:ssl_verify] + @ssl_cert = opts[:ssl_cert] @ssl_ca_file = opts[:ssl_ca_file] @ssl_ca_path = opts[:ssl_ca_path] @penalty_pct = opts[:penalty_pct] || 100 
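Review bot: The description registered for `server.ssl_cert` in the first hunk of lib/rbot/ircbot.rb does not say that the file must contain both the client certificate and its private key, yet the `connect` change in lib/rbot/ircsocket.rb passes the same path to `OpenSSL::X509::Certificate.new` and to `OpenSSL::PKey.read`. I would change it to `:desc => "PEM file containing the client certificate and its private key, used to authenticate to the server (CertFP).",`. Because that file holds a private key, the description or the docs should also say it must be readable only by the account running the bot. The registration has no `:default`, so the value is presumably nil until configured, which the `@ssl_cert and not @ssl_cert.empty?` guard in `connect` tolerates.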
@@ -341,6 +342,11 @@ def connect
 else
 ssl_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
 end
+ if @ssl_cert and not @ssl_cert.empty?
+ client_cert = OpenSSL::X509::Certificate.new(File.read(@ssl_cert))
+ client_key = OpenSSL::PKey.read(File.read(@ssl_cert))
+ ssl_context.add_certificate(client_cert, client_key)
+ end
 sock = OpenSSL::SSL::SSLSocket.new(sock, ssl_context)
 sock.sync_close = true
 sock.connect
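Review bot: The added block in `connect` reads `@ssl_cert` from disk twice and lets any failure (missing file, no private key in the PEM, malformed certificate) escape as a raw `Errno` or OpenSSL exception in the middle of connection setup; reading the file once and rescuing with a message that names `server.ssl_cert` would make a misconfiguration diagnosable. An encrypted key is not handled either, since `OpenSSL::PKey.read` is given no passphrase and may then try to prompt on the terminal, which a daemonised bot cannot answer. The client certificate is also presented when the `else` branch just above has selected `VERIFY_NONE`, so the bot proves its identity to a server it has not authenticated; a logged warning when `server.ssl_cert` is set while `server.ssl_verify` is off would be worth adding. `connect` begins and ends outside the hunk, so how its caller treats a raised error is not visible here.

```ruby
# … unchanged: verify_mode selection …
if @ssl_cert && !@ssl_cert.empty?
  begin
    # One PEM file holding both the certificate and its unencrypted private key.
    pem = File.read(@ssl_cert)
    client_cert = OpenSSL::X509::Certificate.new(pem)
    client_key = OpenSSL::PKey.read(pem)
  rescue SystemCallError, OpenSSL::OpenSSLError => e
    raise "cannot load server.ssl_cert #{@ssl_cert}: #{e.message}"
  end
  ssl_context.add_certificate(client_cert, client_key)
end
# … unchanged: SSLSocket creation and connect …
```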