feat: add tls_verify option for self-signed certs

Skip certificate verification when tls_verify = false in config.
Defaults to true for safety.

src/derp/bot.py

@@ -24,6 +24,7 @@ class Bot:
             host=config["server"]["host"],
             port=config["server"]["port"],
             tls=config["server"]["tls"],
+            tls_verify=config["server"].get("tls_verify", True),
         )
         self.nick: str = config["server"]["nick"]
         self.prefix: str = config["bot"]["prefix"]

src/derp/irc.py

@@ -84,10 +84,12 @@ def format_msg(command: str, *params: str) -> str:
 class IRCConnection:
     """Async TCP/TLS connection to an IRC server."""
 
-    def __init__(self, host: str, port: int, tls: bool = True) -> None:
+    def __init__(self, host: str, port: int, tls: bool = True,
+                 tls_verify: bool = True) -> None:
         self.host = host
         self.port = port
         self.tls = tls
+        self.tls_verify = tls_verify
         self._reader: asyncio.StreamReader | None = None
         self._writer: asyncio.StreamWriter | None = None
 
@@ -96,6 +98,9 @@ class IRCConnection:
         ssl_ctx = None
         if self.tls:
             ssl_ctx = ssl.create_default_context()
+            if not self.tls_verify:
+                ssl_ctx.check_hostname = False
+                ssl_ctx.verify_mode = ssl.CERT_NONE
 
         log.info("connecting to %s:%d (tls=%s)", self.host, self.port, self.tls)
         self._reader, self._writer = await asyncio.open_connection(