kewl-infrastructure-utils/images/lieferhund/sinntp_use_tls.patch

diff --git a/sinntp b/sinntp
index 0d54740..2d4c5a9 100755
--- a/sinntp
+++ b/sinntp
@@ -21,7 +21,7 @@ type(...)  # Python 3 is required
 __author__ = ('Jakub Wilk', 'Piotr Lewandowski')
 __version__ = '1.6.1'
 
-from nntplib import NNTP, NNTP_PORT, NNTPTemporaryError, NNTPError
+from nntplib import NNTP, NNTP_SSL, NNTP_PORT, NNTPTemporaryError, NNTPError
 import argparse
 import email
 import email.generator
@@ -36,6 +36,7 @@ import os.path
 import signal
 import socket
 import sys
+import ssl
 
 import plugins
 import utils
@@ -105,6 +106,8 @@ class Command():
         o.add_argument('-P', '--password', dest='password', action='store', help='specify password')
         o.add_argument('--no-netrc', dest='netrc', action='store_false', help='ignore credentials in ~/.netrc')
         o.add_argument('-t', '--timeout', dest='timeout', action='store', type=int, help='specify connection timeout')
+        o.add_argument('-T', '--use-tls', dest='tls', action='store_true', help='use TLS')
+        o.add_argument('-I', '--insecure', dest='tls_no_verify', action='store_true', help='disable TLS verification')
         return o
 
     def __init__(self, argv):
@@ -360,13 +363,32 @@ if __name__ == '__main__':
     socket.setdefaulttimeout(command.options.timeout)
     try:
         logging.info('Connecting to %s:%d...', host, port)
-        connection = NNTP(host,
-            port=port,
-            user=command.options.username,
-            password=command.options.password,
-            readermode=True,
-            usenetrc=command.options.netrc
-        )
+
+        connection = None
+
+        if not command.options.tls:
+            connection = NNTP(host,
+                              port=port,
+                              user=command.options.username,
+                              password=command.options.password,
+                              readermode=True,
+                              usenetrc=command.options.netrc
+                              )
+        else:
+            used_context = ssl.create_default_context()
+
+            if command.options.tls_no_verify:
+                used_context.check_hostname = False
+                used_context.verify_mode = ssl.CERT_NONE
+
+            connection = NNTP_SSL(host,
+                                  port=port,
+                                  user=command.options.username,
+                                  password=command.options.password,
+                                  ssl_context=used_context,
+                                  readermode=True,
+                                  usenetrc=command.options.netrc
+                                  )
     except socket.error as e:
         logging.error('Could not connect to %s:%d: %s', host, port, e.strerror)
         sys.exit(3)