support specifying tls client keypair

ircrobots/__init__.py

@@ -3,3 +3,4 @@ from .server import Server
 from .params import (ConnectionParams, SASLUserPass, SASLExternal, SASLSCRAM,
     STSPolicy, ResumePolicy)
 from .ircv3  import Capability
+from .security import TLS

ircrobots/security.py

@@ -1,7 +1,10 @@
 import ssl
+from dataclasses import dataclass
+from typing import Optional, Tuple
 
+@dataclass
 class TLS:
-    pass
+    client_keypair: Optional[Tuple[str, str]] = None
 
 # tls without verification
 class TLSNoVerify(TLS):

ircrobots/transport.py

@@ -43,6 +43,9 @@ class TCPTransport(ITCPTransport):
         cur_ssl: Optional[SSLContext] = None
         if tls is not None:
             cur_ssl = tls_context(not isinstance(tls, TLSNoVerify))
+            if tls.client_keypair is not None:
+                (client_cert, client_key) = tls.client_keypair
+                cur_ssl.load_cert_chain(client_cert, keyfile=client_key)
 
         local_addr: Optional[Tuple[str, int]] = None
         if not bindhost is None: