Use certifi root certificates when available

README.md

@@ -82,13 +82,16 @@ The old READMEs are also preserved in the [docs](docs) folder:
 ## RUNNING FROM SOURCE <img src="smilies/tab.gif">
 Pesterchum is a Python script. This means that as long as you have Python installed you can run it without requiring a build/executable, this is useful if there's no compatible build for your system.
 
-### REQUIREMENTS
+### DEPENDENCIES
  - [Python 3]
      - Ideally 3.8 or later, though older versions may still work, I don't test them.
  - [PyQt6] (prefered) or [PyQt5] (legacy)
      - Qt6 only supports maintained 64 bit operating systems, like Windows 10 or later for Windows. ([Qt 6.3 Supported Platforms](https://doc.qt.io/qt-6/supported-platforms.html))
      - Qt5 supports Windows 7 or later, but is past its EOL for non-commercial use. ([Qt 5.15 Supported Platforms](https://doc.qt.io/qt-6/supported-platforms.html))
- - (Linux-specific) [pygame] or [GStreamer] for audio.
+ - (Optional) [pygame] can provide an alternative audio backend for certain systems.
+     - Useful for Linux systems that don't meet the Qt6 requirements, as Qt5 Multimedia has a GStreamer dependency.
+ - (Optional) [certifi] can provide alternative root certificates for TLS certificate validation.
+     - Useful for MacOS, as Python doesn't use the system-provided certificates because of MacOS' outdated SSL library. Also miscellaneous systems without usable root certificates.
  
 ### WALKTHROUGH
 
@@ -114,6 +117,7 @@ Pesterchum is a Python script. This means that as long as you have Python instal
 [PyQt5]: https://pypi.org/project/PyQt5/
 [PyQt6]: https://pypi.org/project/PyQt6/
 [pygame]: https://pypi.org/project/pygame/
+[certifi]: https://pypi.org/project/certifi/
 [GStreamer]: https://gstreamer.freedesktop.org/
  
 ## FREEZE / BUILD <img src="themes/win95chum/admin.png">

oyoyo/client.py

@@ -15,21 +15,31 @@
 # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 # THE SOFTWARE.
 
-import logging
-
-PchumLog = logging.getLogger("pchumLogger")
-
-import logging
-import socket
+import sys
 import time
-import traceback
 import ssl
+import socket
 import select
+import logging
+import traceback
 
 from oyoyo.parse import parse_raw_irc_command
 from oyoyo import helpers
 from oyoyo.cmdhandler import CommandError
 
+PchumLog = logging.getLogger("pchumLogger")
+
+try:
+    import certifi
+except ImportError:
+    if sys.platform == "darwin":
+        # Certifi is required to validate certificates on MacOS with pyinstaller builds.
+        PchumLog.warning(
+            "Failed to import certifi, which is recommended on MacOS. "
+            "Pesterchum might not be able to validate certificates unless "
+            "Python's root certs are installed."
+        )
+
 
 class IRCClientError(Exception):
     pass
@@ -199,6 +209,13 @@ class IRCClient:
             if verify_hostname == False:
                 context.check_hostname = False
                 context.verify_mode = ssl.CERT_NONE
+            else:
+                # Also load certifi provided root certs if present. (Mainly useful for MacOS)
+                if "certifi" in sys.modules:
+                    try:
+                        context.load_verify_locations(cafile=certifi.where())
+                    except:
+                        PchumLog.exception("")
 
             bare_sock = socket.create_connection((self.host, self.port))
             self.socket = context.wrap_socket(