From 7b63533b629ec294ab1d3a60242ac65e57d0838b Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Wed, 26 Mar 2025 23:06:15 +0000
Subject: [PATCH] Update SSL use in our IRC access check script

This more closely aligns with the example usage documented in the
irc module source.

Change-Id: I05cd965cb24f8f643b7d74b1d687fc597b6cb74d
---
 tools/check_irc_access.py | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/tools/check_irc_access.py b/tools/check_irc_access.py
index 1431ae9576..57f0844800 100755
--- a/tools/check_irc_access.py
+++ b/tools/check_irc_access.py
@@ -16,6 +16,7 @@
 # limitations under the License.
 
 import argparse
+import functools
 import irc.client
 import logging
 import random
@@ -142,13 +143,12 @@ def main():
                      for x in range(16))
     port = int(args.port)
     if port == 6697:
-        context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-        # Set to false as the irc connection factory doesn't pass the
-        # server hostname into the wrapper which is required for hostname
-        # checking. Since this is just for testing risk is low.
-        context.check_hostname = False
-        context.verify_mode = ssl.CERT_NONE
-        factory = irc.connection.Factory(wrapper=context.wrap_socket)
+        # Taken from the example in the Factory class docstring at
+        # https://github.com/jaraco/irc/blob/main/irc/connection.py
+        context = ssl.create_default_context()
+        wrapper = functools.partial(
+            context.wrap_socket, server_hostname=args.server)
+        factory = irc.connection.Factory(wrapper=wrapper)
         a.connect(args.server, int(args.port), mynick,
                   connect_factory=factory)
     else: