From 21701a1299cd6b64db5b2fb3765f578ff1f9fc6b Mon Sep 17 00:00:00 2001 From: Ailin Nemui Date: Tue, 31 Aug 2021 17:29:43 +0200 Subject: [PATCH 1/3] do not unconditionally enable tls on /connect -! --- src/core/servers-setup.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/core/servers-setup.c b/src/core/servers-setup.c index b1f57a99..82e5f6be 100644 --- a/src/core/servers-setup.c +++ b/src/core/servers-setup.c @@ -191,8 +191,10 @@ static void server_setup_fill_optlist(SERVER_CONNECT_REC *conn, GHashTable *optl /* ad-hoc TLS settings from command optlist */ if ((tmp = g_hash_table_lookup(optlist, "tls_cert")) != NULL || - (tmp = g_hash_table_lookup(optlist, "ssl_cert")) != NULL) + (tmp = g_hash_table_lookup(optlist, "ssl_cert")) != NULL) { conn->tls_cert = g_strdup(tmp); + conn->use_tls = TRUE; + } if ((tmp = g_hash_table_lookup(optlist, "tls_pkey")) != NULL || (tmp = g_hash_table_lookup(optlist, "ssl_pkey")) != NULL) conn->tls_pkey = g_strdup(tmp); @@ -220,10 +222,10 @@ static void server_setup_fill_optlist(SERVER_CONNECT_REC *conn, GHashTable *optl if (g_hash_table_lookup(optlist, "notls_verify") != NULL) conn->tls_verify = FALSE; if (g_hash_table_lookup(optlist, "tls_verify") != NULL || - g_hash_table_lookup(optlist, "ssl_verify") != NULL) + g_hash_table_lookup(optlist, "ssl_verify") != NULL) { conn->tls_verify = TRUE; - if ((conn->tls_cert != NULL && conn->tls_cert[0] != '\0') || conn->tls_verify) conn->use_tls = TRUE; + } if (g_hash_table_lookup(optlist, "notls") != NULL) conn->use_tls = FALSE; if (g_hash_table_lookup(optlist, "tls") != NULL || From 6c47fcf10d5a4b7718a3351ea0571da4d9f3c536 Mon Sep 17 00:00:00 2001 
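Review bot: After the second hunk (`@@ -220,10 +222,10 @@`), a `conn->tls_cert` or `conn->tls_verify` that was already populated before this function runs no longer switches TLS on, because `use_tls` is now set only inside the `tls_cert`/`ssl_cert` and `tls_verify`/`ssl_verify` option branches. If any path reached that state without also setting `use_tls` (the callers are not visible here), it would now connect in cleartext with no indication, so that is worth confirming before merge. The `notls` test that follows still overrides both new assignments, so an optlist holding both `tls_verify` and `notls` gives an unencrypted connection with `tls_verify` left TRUE. A comment at that test, e.g. `/* notls wins over use_tls implied by tls_cert / tls_verify above */`, would record that this ordering is intended. The body of server_setup_fill_optlist starts and ends outside both hunks.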
From: Ailin Nemui Date: Tue, 31 Aug 2021 21:49:29 +0200 Subject: [PATCH 2/3] Revert "Merge pull request #19 from ailin-nemui/starttls-no" This reverts commit 3324c5da89c694ce5bbd20ecb313da870d1bb914, reversing changes made to d3115f38550f26b935d4e22201d09287ce44e5ac. --- src/irc/core/irc-servers-setup.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/irc/core/irc-servers-setup.h b/src/irc/core/irc-servers-setup.h index d55507d8..7b11a2fe 100644 --- a/src/irc/core/irc-servers-setup.h +++ b/src/irc/core/irc-servers-setup.h @@ -12,8 +12,8 @@ (IRC_SERVER_SETUP(server) ? TRUE : FALSE) enum { - STARTTLS_NOTSET = -1, /* */ - STARTTLS_DISALLOW = 0, + STARTTLS_DISALLOW = -1, /* */ + STARTTLS_NOTSET = 0, STARTTLS_ENABLED = 1 }; From 1a6d74ac2645cf4f1c980604894f60dbf29a2d95 Mon Sep 17 00:00:00 2001 From: Ailin Nemui Date: Tue, 31 Aug 2021 21:54:41 +0200 Subject: [PATCH 3/3] fix reading of starttls = "no" in config, attempt 2 --- src/irc/core/irc-servers-setup.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c index 5299ef04..2cc80946 100644 --- a/src/irc/core/irc-servers-setup.c +++ b/src/irc/core/irc-servers-setup.c @@ -188,6 +188,7 @@ static void init_userinfo(void) static void sig_server_setup_read(IRC_SERVER_SETUP_REC *rec, CONFIG_NODE *node) { + int starttls; g_return_if_fail(rec != NULL); g_return_if_fail(node != NULL); 
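Review bot: The enum in src/irc/core/irc-servers-setup.h carries only an empty `/* */` (possibly just a formatter guard) and nothing that explains why the numbering matters, even though this revert swaps the values a second time. With `STARTTLS_NOTSET = 0` and `STARTTLS_DISALLOW = -1`, any truthiness test on the field, such as `if (rec->starttls)`, would treat an explicit "disallow" as set. Other users of the enum are not visible from this hunk, so this is a caution rather than a confirmed bug. I would add a comment above the enum, e.g. `/* 0 = not configured; compare against the named constants, never test as a boolean */`.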
@@ -197,7 +198,10 @@ static void sig_server_setup_read(IRC_SERVER_SETUP_REC *rec, CONFIG_NODE *node) rec->max_cmds_at_once = config_node_get_int(node, "cmds_max_at_once", 0); rec->cmd_queue_speed = config_node_get_int(node, "cmd_queue_speed", 0); rec->max_query_chans = config_node_get_int(node, "max_query_chans", 0); - rec->starttls = config_node_get_bool(node, "starttls", STARTTLS_NOTSET); + starttls = config_node_get_bool(node, "starttls", -1); + rec->starttls = starttls == -1 ? STARTTLS_NOTSET : + starttls == 0 ? STARTTLS_DISALLOW : + STARTTLS_ENABLED; if (rec->starttls == STARTTLS_ENABLED) { rec->use_tls = 0; }
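Review bot: The literal `-1` passed to `config_node_get_bool(node, "starttls", -1)` and tested in `starttls == -1 ? STARTTLS_NOTSET` is a "key absent" sentinel, but it has the same numeric value that the header in this series gives `STARTTLS_DISALLOW`, so the mapping reads as if it were inverted. A comment on the call, e.g. `/* -1 here means "key absent", not STARTTLS_DISALLOW */`, would keep a later cleanup from collapsing it back into a direct assignment. Separately, 0 becomes `STARTTLS_DISALLOW` and every other value becomes `STARTTLS_ENABLED`; if `config_node_get_bool` returns 0 for any string it does not recognise as true (its body is not shown), a misspelled setting would silently disable STARTTLS, which may deserve a warning to the user. sig_server_setup_read continues beyond the hunk.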