That's true, but I still could use tls when I could configure the domain check somehow (and also by normal cert pinning but that is pretty inconvenient).
I guess that's better, though I then have to change the pinned cert every time the cert changes, something like "domain pinning" would be more convenient. (setting a domain for a server that the certificate may be issued to)
And that won't check if the domain you're connecting to is the domain the certificate is issued for?
of course another possibility for this special use-case would be adding socks proxy support.
currently it is only possible to either validate ssl certs via the local certstore or to connect via plaintext, but for example when using socat to proxy connections to servers through tor, I want to use ssl but the cert not to be validated.
It would be really great if soju had support for logging in to irc servers via certificates rather than only passwords.With that addition I would be able to login to freenode via a tor proxy since that is the only method where it is allowed to do that (ECDSA-NIST256P-CHALLENGE is also allowed, but also not supported).